Which penalty is imposed for privacy violations under the general data protection regulation (GDPR)?

Under the General Data Protection Regulation (GDPR), the highest level of penalties for serious violations can reach up to 20 million Euros or up to 4% of the annual global turnover of the preceding financial year, whichever is higher. The rationale behind this significant penalty structure is to enforce compliance and protect individuals' data rights effectively.

The regulation aims to address serious breaches such as failing to obtain valid consent for data processing, not fulfilling data subjects' rights, or neglecting to implement adequate security measures. With such hefty fines, GDPR ensures that organizations take data protection seriously, fostering a culture of responsibility concerning personal data handling.

Selecting the correct option reflects an understanding of the GDPR’s strict regulatory framework designed to safeguard privacy in the digital age.