This entire issue is sidestepped by having graduated fines (which GDPR has). If they keep doing it the amount keeps going up until eventually they go out of business. It really limits the ability to take advantage of the system which hopefully makes it not worthwhile to bother doing.
Up to 4% of turnover. So if they make more than that it is still profitable to keep going.
Not that it is likely that they make that much in profit, but still. There probably shouldn’t be a limit, and there probably should be personal legal consequences such as jail time for repeat offenders.
You can apply a fine multiple times in a year if they don’t stop. As that 4% is based on global revenue you’re eventually going to make it unprofitable.
Huh. Any idea if it's individual fines or total fines that are capped? It never occurred to me before.
Anyway this is all purely academic. 99% of violations aren't going to increase profit by more than the maximum fine (or even anywhere remotely near that) thus it seems to me that the law has sufficiently broad coverage for addressing a behavior that does not directly result in physical injury.
