Fines from GDPR and CCPA Violations in Donor Data Handling

$100,000-$4,000,000+ (GDPR fines elevated due to 'sensitive' data category; legal liability for data shared with estate attorneys; potential fraud liability if data compromised; donor trust collapse) • $1M - €20M (GDPR fines scale with revenue and data scope) • $2,663 to $7,988 per violation (2025 CCPA baseline); multiplied by donor count (10,000 donors = $26.63M-$79.88M exposure); additional reputational damage and donor churn

Attendee lists exported via Eventbrite CSV; emailed to marketing team for campaign targeting; no consent management for post-event marketing • Corporate sponsor contact lists stored in personal email archives or unsecured cloud folders; manual mail-merge campaigns without consent verification; verbal confirmations of opt-in not recorded; LinkedIn scraping without consent documentation • CSV exports from crowdfunding platform stored in unencrypted cloud drives, manual email verification of contributor consent, no documentation of data transfer basis