What are the penalties for non-compliance?

Penalties vary dramatically across jurisdictions. GDPR: up to €20 million or 4% of global annual turnover. CASL: up to $10 million CAD per violation for businesses. CAN-SPAM: up to ~$50,000 per email, with criminal penalties for aggravated violations. LGPD: up to 2% of Brazilian revenue (capped at 50 million reais per violation).

Australia: up to $2.22 million AUD per day for serious violations. Singapore: up to $1 million SGD for organizations. Japan: fines typically smaller but include potential criminal liability for individuals. India: penalties under DPDP still being implemented but can reach significant amounts for serious violations.

Beyond direct fines, violations trigger reputational damage, class action exposure, and operational disruption. Public enforcement actions damage brand trust. In some jurisdictions, individuals can pursue private legal action for statutory damages. Directors and officers may face personal liability. The financial calculus is clear: compliance costs less than violations. The severest penalties are designed to make non-compliance economically irrational even for large corporations.