In EU:

Violators of GDPR (personal data) may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Under NIS2 (cybersecurity), financial penalties may be up to either €10 million or 2% of the global yearly revenue, again, whichever is the greater amount.