Article 84 GDPR

From GDPRhub
Article 84 - Penalties
Gdpricon.png
Chapter 10: Delegated and implementing acts

Legal Text[edit | edit source]


Article 84 - Penalties


1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 83, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.

2. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them.

Relevant Recitals[edit | edit source]

You can help us fill this section!

Commentary[edit | edit source]

Missing penalties in Article 83[edit | edit source]

Certain violations of the GDPR are not listed in the catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps.

For example: § 62 of the Austrian Data Protection Act (Datenschutzgesetz - DSG) sets a penalty of 50,000 EUR for example for (1) illegal access to personal data or keeping such an access open, (2) a violation of the principle of purpose limitation or (3) a violation of the Austrian CCTV rules in the act.

Further criminal penalties[edit | edit source]

Many illegal processing activities under GDPR may give rise to violations of national criminal laws that are specific to data processing or have broader application (e.g. laws on cybersecurity, fraud and alike).

Decisions[edit | edit source]

→ You can find all related decisions in Category:Article 84 GDPR

References[edit | edit source]