The European Data Protection Board (EDPB) today published its guidelines for harmonising the imposition of fines under the GDPR.
At its May plenary session, the EDPB approved the final version of Guideline 4/2022 on the calculation of fines under the GDPR, following a public consultation process that took place at the beginning of summer last year.

According to the EDPB’s public statement, these guidelines aim to harmonise the methodology used by data protection authorities to calculate fines and include common ‘starting points’, which take into account the nature of the infringements, their seriousness and the company’s turnover.

The guideline establishes a five-stage methodology, taking into account the number of instances of sanctionable conduct; the starting point for calculating the fine; aggravating and mitigating factors; legal maximums for fines; and the requirements of effectiveness, deterrence and proportionality.

Following the public consultation process, an annex was added with a reference table summarising the methodology and two practical examples. The EDPB also points out that the table and examples are for illustrative purposes only and should be understood in conjunction with the other guidelines.

This guideline will allow for a consistent application of the GDPR in all member states, both at national level and in cross-border cases where decisions are taken through the co-operation mechanism provided for in Article 60 of the GDPR.

https://www.cnpd.pt/comunicacao-publica/noticias/cepd-aprova-diretriz-para-aplicacao-de-coimas/