Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

favicon.ico

favicon-16x16.png

favicon-32x32.png

apple-touch-icon.png

MoFo Favicons

Terms / Notices

Cookies

Privacy Policy

Attorney Advertising

Secure Login

Alumni

  Facebook

MoFo Facebook

  Linkedin

MoFo LinkedIN

Twitter

MoFo Twitter

YouTube

MoFo Youtube

Morrison Foerster - Footer

You have not solved the recaptcha challenge yet or session expired, try again.

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Culture

Offices

Careers

Stay Connected

The European General Data Protection Regulation (GDPR) will come into force on May 25, 2018. It will increase existing obligations for businesses, as well as introduce a number of new obligations, such as recordkeeping obligations and mandatory privacy impact assessments. But aside from the substantive obligations, the GDPR also significantly steps up the enforcement powers of the EU’s national data protection authorities (DPAs), empowering DPAs to impose fines of up to EUR 20 million or 4% of worldwide turnover (revenue), whichever is higher.

Multi-Billion Euro Fines for Data Protection Violations Under the New GDPR—Really?

About Morrison Forester

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

The European General Data Protection Regulation (GDPR) will come into force on May 25, 2018. It will increase existing obligations for businesses, as well as introduce a number of new obligations, such as recordkeeping obligations and mandatory privacy impact assessments. But aside from the substantive obligations, the GDPR also significantly steps up the enforcement powers of the EU’s national data protection authorities (DPAs), empowering DPAs to impose fines of up to EUR 20 million or 4% of worldwide turnover (revenue), whichever is higher.The new sanctions framework which introduces the possibility of imposing fines relative to a company’s revenue, is unprecedented in the context of data privacy enforcement and therefore comes with legal uncertainties. Will revenue from an undertaking only relate to a single legal entity or can it also include a group of companies? What will be the relevant turnover considered for calculation of fines? When is the starting point of the calculation or the cap for maximum amounts? These concepts have until now been foreign to European privacy laws, and there is no guidance or precedent that can assist with their interpretation.Read our <a target="_blank" href="https://media2.mofo.com/v3/assets/blt5775cc69c999c255/blt17ee6b40b77a5b1d/6273ec060d4d8e1d7f110904/171009-data-protection-violations-gdpr.pdf">article in Bloomberg BNA</a>.

Multi-Billion Euro Fines for Data Protection Violations Under the New GDPR—Really?