Failure to comply with the notification obligation can result in a fine of up to £17 million, or 4% of an organisation’s global turnover (whichever is higher).
However, if your organisation can demonstrate it has a responsible response plan and has been proactive in identifying and remedying the breach, this will be important in helping to mitigate the regulatory consequences of such a breach.
Other factors the ICO will take into account when considering administrative fines include the gravity and duration of the infringement, whether there have been any previous infringements, the degree of cooperation with the ICO, and the manner in which the infringement became known to the ICO. The WP29’s guidance on administrative fines can be found here.