Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.
[18] Excessive video surveillance of employees; single, shared password for messaging system; ignoring earlier CNIL order to change practices.
[33] Using facial recognition technology to monitor the attendance of students in school on an invalid legal basis; processing sensitive biometric data unlawfully and failure to do an adequate impact assessment including seeking prior consultation with the Swedish DPA.
[35] Not appointing a DPO, not publishing its contact details or reporting those to the supervisory authority, obligatory consent of data subjects (Art.
[45] The AEPD finally fined Vodafone €150,000, that was reduced to €90,000 due to the assumption of responsibility and the early payment.