1. Member States shall ensure that, when determining the type and level of administrative sanctions or measures, the competent authorities take into account all relevant circumstances, including where appropriate:
(a) the gravity and the duration of the breach;
(b) the degree of responsibility of the natural person or legal entity responsible;
(c) the financial strength of the natural person or legal entity responsible, for example as indicated by the total turnover of the legal entity responsible or the annual income of the natural person responsible;
(d) the importance of profits gained or losses avoided by the natural person or legal entity responsible, in so far as they can be determined;
(e) the losses sustained by third parties as a result of the breach, in so far as they can be determined;
(f) the level of cooperation of the natural person or legal entity responsible with the competent authority;
(g) previous breaches by the natural person or legal entity responsible.
2. The processing of personal data collected in or for the exercise of the supervisory and investigatory powers in accordance with this Directive shall be carried out in accordance with Directive 95/46/EC and Regulation (EC) No 45/2001 where relevant.]
Textual Amendments
F1 Inserted by Directive 2013/50/EU of the European Parliament and of the Council of 22 October 2013 amending Directive 2004/109/EC of the European Parliament and of the Council on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market, Directive 2003/71/EC of the European Parliament and of the Council on the prospectus to be published when securities are offered to the public or admitted to trading and Commission Directive 2007/14/EC laying down detailed rules for the implementation of certain provisions of Directive 2004/109/EC (Text with EEA relevance).