Adopted on 3 October 2017.
The Guideline stipulates on the principles (infringement of the Regulation should lead to the imposition of “equivalent sanctions”; “effective, proportionate and dissuasive” administrative fines; an assessment “in each individual case”; a harmonized approach to administrative fines); and the assessment criteria in Article 83 (2) (the nature, gravity and duration of the infringement; the intentional or negligent character of the infringement; any action taken by the controller or processor to mitigate the damage suffered by data subjects; any relevant previous infringements by the controller or processor; the degree of cooperation with the supervisory authority, in order to remedy the infringement and mitigate the possible adverse effects of the infringement; notification of the infringement; compliance with previously ordered measures referred to in Article 58(2); adherence to approved codes of conduct pursuant to Article 40 or approved certification mechanisms pursuant to Article 42; any other aggravating or mitigating factor).