was discussing this a home to the young'un last night and he asked a very interesting question.

If you break GDPR you can be fined 4% of global turn over but what if the company does not have a turnover as such, say a local Council or charity? Money comes in but they do not make a profit in the way a normal business does, yet they can still accidentally break GDPR rules.

I wasn't sure what the answer was.

Fines are set as a max of £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

https://ico.org.uk/for-organisations/guide-to-data...

Individuals can also be fined, and have been at Councils and NHS:

https://measuredcollective.com/can-an-individual-g...

Councils can't go bankrupt per se - the state ultimately steps in.