Article 84 GDPR
|← Article 84 - Penalties →|
1. Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to Article 83, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.
2. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them.
Missing penalties in Article 83
Certain violations of the GDPR are not listed in the catalogue of penalties in Article 83 GDPR. National legislators may add provisions to fill these gaps.
For example: § 62 of the Austrian Data Protection Act (Datenschutzgesetz - DSG) sets a penalty of 50,000 EUR for example for (1) illegal access to personal data or keeping such an access open, (2) a violation of the principle of purpose limitation or (3) a violation of the Austrian CCTV rules in the act.
Further criminal penalties
Many illegal processing activities under GDPR may give rise to violations of national criminal laws that are specific to data processing or have broader application (e.g. laws on cybersecurity, fraud and alike).
→ You can find all related decisions in Category:Article 84 GDPR