A recent decision by the European Court of Justice (ECJ), issued on 13 February 2025, has significant implications for GDPR compliance and potential fines for businesses. The ECJ stated that GDPR fines can now be calculated based on the parent company’s total annual global turnover, even if a subsidiary of the company has been accused.
However, the Court stressed that sanctions must be effective, proportionate and dissuasive, taking into account the gravity, duration and impact of the breach. This ruling ensures that large businesses cannot avoid significant fines by shifting liability to smaller subsidiaries.
In light of this judgment, it is all the more important for businesses to ensure that their data practices are in line with the GDPR. Make sure your organisation is closely monitoring your data collection practices and implement a GDPR-compliant consent management solution, such as consentmanager. Prevent potential fines and assess your compliance now.
The official publication of the ECJ’s decision can be found here: https://curia.europa.eu/juris/document/document.jsf?text=&docid=295319&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1
