Rina Steenkamp - Privacy and technology

My annotated General Data Protection Regulation

Chapter VIII Remedies, liability and sanctions

Article 78 Penalties

October 2013

Article 78(1)

1. Member States shall lay down the rules on penalties, applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented, including where the controller did not comply with the obligation to designate a representative. The penalties provided for must be effective, proportionate and dissuasive.

Article 78(2)

2. Where the controller has established a representative, any penalties shall be applied to the representative, without prejudice to any penalties which could be initiated against the controller.

Article 78(3)

3. Each Member State shall notify to the Commission those provisions of its law which it adopts pursuant to paragraph 1, by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.

[Source: October 2013]

Recital 119

(119) Penalties should be imposed to any person, whether governed by private or public law, who fails to comply with this Regulation. Member States should ensure that the penalties should be effective, proportionate and dissuasive and should take all measures to implement the penalties. The rules on penalties should be subject to appropriate procedural safeguards in conformity with the general principles of Union law and the Charter of Fundamental Rights, including those concerning the right to an effective judicial remedy, due process and the principle of ne bis in idem.

Recital 119a

(119a) In applying penalties, Member States should show full respect for appropriate procedural safeguards, including the right to an effective judicial remedy, due process, and the principle of ne bis in idem.

[Source: October 2013 | Notes: Recitals | Context: Recitals]

January 2012

Explanatory memorandum

3.4. Detailed explanation of the proposal

Article 78 obliges Member States to lay down rules on penalties, to sanction infringements of the Regulation, and to ensure their implementation.

[Source: January 2012 | Context: Proposal from the European Commission]

Article 78(1) [Amended: October 2013]

1. Member States shall lay down the rules on penalties, applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented, including where the controller did not comply with the obligation to designate a representative. The penalties provided for must be effective, proportionate and dissuasive.

Article 78(2)

2. Where the controller has established a representative, any penalties shall be applied to the representative, without prejudice to any penalties which could be initiated against the controller.

Article 78(3)

3. Each Member State shall notify to the Commission those provisions of its law which it adopts pursuant to paragraph 1, by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.

[Source: January 2012 | Context: Proposal from the European Commission]

Recital 119 [Amended: October 2013]

(119) Penalties should be imposed to any person, whether governed by private or public law, who fails to comply with this Regulation. Member States should ensure that the penalties should be effective, proportionate and dissuasive and should take all measures to implement the penalties.

[Source: January 2012 | Notes: Recitals | Context: Proposal from the European Commission, Recitals]

Directive 95/46/EC

Cross-reference

General Data Protection Regulation: Article 78(1)
Directive 95/46/EC: Article 24

Chapter III Judicial remedies, liability and sanctions

Article 24 Sanctions

The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.