Member States should be able to lay down the rules on criminal penalties for infringements of this Regulation, including for infringements of national rules adopted pursuant to and within the limits of this Regulation. Those criminal penalties may also allow for the deprivation of the profits obtained through infringements of this Regulation. However, the imposition of criminal penalties for infringements of such national rules and of administrative penalties should not lead to a breach of the principle ofne bis in idem, as interpreted by the Court of Justice.
GDPR Recital EN
Recital 149
Related across sources
News The Italian SA fined Poste Vita for data breach News EFFecting Change: The Human Cost of Online Age Verification Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Version history Guidance Guidelines 9/2022 on personal data breach notification under GDPR