Organizations often ask how much chance they have on data protection fines and how much financial reserve they should make for that. Unit 27 June EDPB guidelines on calculating GDPR fines are released for public consultation. Interesting is to have a look at the example for mitigating and aggravating factors that could influence the height of your fine. These GDPR fines are required to be be, in each individual case, “effective, proportionate and dissuasive”. In order to
set the amount of the fine, data protection authorities must consider “a list of circumstances that refer to features of the infringement (its seriousness) or of the character of the perpetrator” and not exceed the maximum amounts specified in the GDPR. The EDPB has devised a five-step methodology for calculating GDPR fines.