What Can Happen if a Company Violates the GDPR, Europe’s General Data Protection Regulation?

Well, a lot. The main penalty for violating the GDPR is fines.
These fines can be up to €20 million or 4% of annual global revenue, whichever is higher. Even violations that may not directly harm consumers - like failure to keep adequate records - can result in fines of up to €10 million or 2% of annual global revenue.
The data protection authorities in Europe are very active and often impose high fines. There were hundreds of fines imposed in 2021. You can see violations and fines imposed at enforcementtracker.com.
Amazon was fined $888 million in 2021 (this is currently being appealed). Also, fines are public, so there can be considerable reputational damage from a GDPR violation, especially for startups.
In addition to fines, the supervisory authorities (for each EU country) can stop the company from processing data - a potentially business-ending problem.
Bottom line: the GDPR is serious business, with serious fines for violations and very active enforcement. So know the law and get compliant!