Corporate Liability Under the GDPR

72 Pages Posted: 9 Aug 2023

Date Written: August 9, 2023


The GDPR provides for a wide variety of sanctions for the supervisory authorities in order to effectively enforce the obligations incumbent on the addressees of the GDPR. In the case of violations, Article 83 (2), (4) - (6) of the GDPR allows in particular the imposition of fines, some of which can be horrendous, in order to achieve a corresponding general preventive effect. In addition to natural persons, companies are also explicitly considered as sanction addressees as data controllers or processors. The fine regime thus proves to be the sharpest sword of the supervisory authorities' measures. Nevertheless, it has recently become apparent that this set of instruments for the liability of legal persons is not explicitly conclusively regulated in the GDPR and has thus increasingly caused legal uncertainty in national courts.

Keywords: GDPR

JEL Classification: K13

Suggested Citation

Hoeren, Thomas, Corporate Liability Under the GDPR (August 9, 2023). Available at SSRN: or

Thomas Hoeren (Contact Author)

ITM Münster (FRG) ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics