The Dutch Data Protection Authority has announced a new policy for determining the fines to be imposed for violations of the General Data Protection Regulation (GDPR) and its national implementing act. The policy reaffirms the importance given by the GDPR to the Principle of Accountability. It states clearly that fines may be reduced if an offender is able to prove that it has taken appropriate steps to comply with the regulation, to limit the damage to data subjects, and to cooperate with the Data Protection Authority. The original policy in Dutch is available to read here and Achieved Compliance’s English translation is available to read here.