ERDEM-NEWSLETTER-2018-metin

337 PERSONAL DATA PROTECTION that the imposition of administrative fines in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall, in each individual case, be effective, proportionate and dissuasive. The amount of the fine is regulated under paragraph 5 of Article 83 for certain types of infringements, which can be as high as EUR20 million or, in the case of an undertaking, up to 4% of the total world- wide annual turnover of the preceding financial year. The infringe- ments that results in the highest fines are: breach of requirements relating to (i) the principles with respect to the processing of personal data, lawfulness of processing, conditions for consent, processing of special categories of personal data; (ii) the data subjects’ rights pursu- ant to Articles 12 to 22; (iii) the transfers of personal data to a recipient in a third country or an international organization pursuant to Articles 44 to 49; (iv) any obligations pursuant to a Member State law adopted under Chapter IX; (v) non-compliance with an order, or a temporary or definitive limitation on processing, or the suspension of data flow by the supervisory authority pursuant to Article 58(2), or failure to provide access in violation of Article 58(1). Other identified infringe- ments under paragraph 4 of Article 83 shall result in administrative fines up to EUR10 million, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year. Conclusion The long-waited GDPR that brings with it significant changes on the protection of personal data is currently in force. With the GDPR, it is intended to protect the privacy of the data subjects more strictly, and to reorganize data privacy laws across Europe. Also, the high euro amount of administrative fines to be imposed in the event of any in- fringement of this Regulation must be daunting for data controllers and processors. Lastly, it is worth to note that, international compa- nies, as well as Turkish companies, are under the obligation to comply with the GDPR, provided that their activities fall under the scope of the GDPR.