[JumpCrisscross]

> initial fine is much, much lower and companies have so long to dabble in wilful ignorance

Another diluent: the maximum fine is practically the lesser of 2% and the NPV of business in that European country, or, expansively, in Europe. If you have little business in Europe, it’s cheaper in some cases to simply close shop.

[labawi]

I'm pretty certain an actual fine (not ceasing operations) has a limit of max(10M€, 2% worldwide revenue of previous year) and double if you're antithetical to GDPR. Also, it's per infringement and isn't a yearly free pass to continue once you're fined.

Companies are not doing much because enforcement is lacking, and in case you get caught, most fines are in the neighborhood of reasonable rather than instant liquidation.

[0] https://noyb.eu/en/irish-dpc-handles-9993-gdpr-complaints-wi...

[chopin]

GDPR says:

> Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher (emphasis mine).

As for the absolute sum, there is no limit.