Fines can be up to 10 million Euros or 2% of the organisation’s global turnover for failing to notify the ICO of a Data Breach. 


For serious GDPR infringements, the maximum fine can be 20 million Euros or 4% of the organisation’s global turnover for the preceding financial year.




This information is provided for guidance and cannot be classified as official legal advice. For official direction related to your obligations under GDPR, please speak to your legal counsel.