Q: Can a Controller or Processor be fined?

The short answer is yes.

In saying that, a monetary fine is only one of the corrective measures included in the GDPR to apply pressure on controllers and processors to comply with the regulation.

Not all violations will result in a monetary fines, and not all fines will be based on the maximum amount, though rest assured it won’t be pocket change either.

A monetary fine is the last step in a long process designed to address the scope of an infringement by a Controller and/or Processor, concurrently assessing on how the organization allowed the infringement to happen in the first place and to monitor what steps have been taken to address the violation and any further violations.

 question sent in by Victoria.F from Germany