If a company violates obligations arising from the GDPR, this can lead to penalties of up to € 10 million or 2% of the worldwide annual turnover. These fines can be imposed not only on those responsible but also on data processors. If rights of data subjects are violated or if a company violates the principles of lawful data processing, the fines can even amount to up to € 20 million or 4% of the worldwide annual turnover.

A minor offence will not be punishable by the maximum penalty. However, these maximum amounts show that any company should devote the necessary attention and resources to the issue.

There is currently no real protection against the imposition of a fine. By examining your data protection documentation and measures, however, you can prove that you have fulfilled your obligations with the necessary care. This is not only important when determining the amount of the fine, but is also an essential aspect in the event of claims for damages or recourse.

You should therefore make use of our GDPR audit. You receive a report from us in which the status quo is described, any weak points are pointed out and solutions are proposed. If required, we also provide ongoing support, regular updates and adaptation proposals and support in cooperation with the authorities.