What penalties or fines apply for privacy law violations?

GDPR violations in Germany can lead to criminal penalties (up to 3 years imprisonment) under BDSG § 42 or administrative fines up to €20 million or 4% of global annual turnover under EU GDPR — plus up to €50,000 for specific BDSG breaches.

The maximum fine for a PDPA violation in Singapore is S$1 million.

A company can be fined up to €20 million or 4% of its global annual turnover — whichever is higher — for a serious GDPR violation.

The ICO can fine a company up to £17.5 million or 4% of its global annual turnover — whichever is higher — for the most serious GDPR breaches.

Fines for violating South Korea’s Personal Information Protection Act (PIPA) range from ₩10 million to ₩100 million, depending on the violation type and severity.

Penalties for violations of the Digital Personal Data Protection Act, 2023 (DPDPA) range from ₹50 crore to ₹250 crore, depending on the nature and severity of the breach.

Violations of Japan's Act on the Protection of Personal Information (APPI) can result in criminal penalties including imprisonment up to 1 year or fines up to ¥500,000 — or both — for unauthorized disclosure or improper acquisition of personal information.