How high can fines be under the GDPR?

Answer:

The maximum amount of fines under the GDPR depends on the type of violation and the company’s turnover. For companies with a turnover of less than €500 million, the maximum fine is €10 million for violations of the provisions listed in Art. 83(4) GDPR (e.g., lack of a data processing agreement) and a maximum of €20 million for violations specified in Art. 83(5) and (6) GDPR (e.g., disregard of data subject rights).