Module 17 2024

05/12/2024

• GDPR - Enforcement • Supervisory Authorities (e.g. the ICO) have a number of powers to enforce the GDPR including: – Issuing significant fines – Issuing warnings of non-compliance – Conducting audits – Requiring specific remediation within a specified time frame – Imposing bans on processing – Ordering erasure of data and suspending data transfers to a third country or to an international organisation • Under the GDPR, any person who has suffered material or non-material damage shall have the right to receive compensation from the controller or the processor

167

• GDPR – Fines (Article 83)

• Fines of up to £8.7 million under the UK GDPR, €10 million or 2% of annual global turnover under the EU GDPR can be issued for infringements of articles: i. 8 (conditions for children’s consent); ii. 11 (processing that doesn’t require identification); iii. 25 – 39 (general obligations of processors and controllers);

iv. 42 (certification); and v. 43 (certification bodies)

168

84