What is the maximum fine that can be applied for breach of data protection laws?
The maximum administrative fine that may be imposed is that of €23,300, for instance such a fine might be applied if the rectification of data processed in an unlawful manner has not been carried out, following an order by the Commissioner. Further to this, the DPA makes certain acts an offence, such as if the controller provides the data subject with untrue information or if sensitive personal data is processed in contravention to the provisions of the DPA, which may attract a maximum fine of €23,000, as well as, a period of imprisonment which may range from 3 to 6 months.
In addition to the above, the Third Country (Data Protection) Regulations, Subsidiary Legislation 440.03 of the Laws of Malta, which apply to transfers of personal data to third countries, lay out an administrative fine of €23,293.73 for each violation whereby a daily fine of €2,329.37 may be imposed for each day which the violation persists. Any contraventions in relation to the Processing of Personal Data (Electronic Communications Sector) Regulations, Subsidiary Legislation 440.01 of the Laws of Malta, attracts the same latter administrative fine.
The Data Protection Authority may issue orders to the effect that violation of provisions laid down in or pursuant to the Personal Data Act shall result in a fine to the Treasury of maximum 10 times the National Insurance Basic Amount, currently NOK 936 340.
Maximum fine is TRY 1.000.000 (EUR 245.000 approx.) however please note that this fine is for each case of a breach. Therefore the fine may go higher.