In order to strengthen the enforcement of the rules of this Regulation, penalties including administrative fines should be imposed for any infringement of this Regulation, in addition to, or instead of appropriate measures imposed by the supervisory authority pursuant to this Regulation. In a case of a minor infringement or if the fine likely to be imposed would constitute a disproportionate burden to a natural person, a reprimand may be issued instead of a fine. Due regard should however be given to the nature, gravity and duration of the infringement, the intentional character of the infringement, actions taken to mitigate the damage suffered, degree of responsibility or any relevant previous infringements, the manner in which the infringement became known to the supervisory authority, compliance with measures ordered against the controller or processor, adherence to a code of conduct and any other aggravating or mitigating factor. The imposition of penalties including administrative fines should be subject to appropriate procedural safeguards in accordance with the general principles of Union law and the Charter, including effective judicial protection and due process.
GDPR Recital EN
Recital 148
Related across sources
Guidance Guidelines 04/2022 on the calculation of administrative fines under the GDPR Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 02/2022 on the application of Article 60 GDPR Case Law Deutsche Wohnen SE v Staatsanwaltschaft Berlin News DeFine is a calculator for GDPR fines based on method of the EDPB Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679