A fine doesn't imply that you can continue processing the data. GDPR also requires them to stop handling all such data if they don't have a legal right to do so (since the default case, if they can't show a valid legal reason, is that they're not allowed to do it).
And that's a maximum fine for a particular decision not the maximum fine annually. They can certainly be fined once and ordered to stop processing the data within, say, 30 days; then fined once more after the 30 days have passed for noncompliance with that order, and then so on.
There also is personal liability for the responsible executives and employees who'd be violating the regulator's order.
And that's a maximum fine for a particular decision not the maximum fine annually. They can certainly be fined once and ordered to stop processing the data within, say, 30 days; then fined once more after the 30 days have passed for noncompliance with that order, and then so on.
There also is personal liability for the responsible executives and employees who'd be violating the regulator's order.