What will trigger additional future audits as a sanction for GDPR breaches?

The correct answer highlights that severe breaches of data protection regulations can lead to additional future audits as a sanction under GDPR. When an organization fails to comply with the General Data Protection Regulation in a significant way, it indicates a lack of adequate protections for personal data, which is a priority for regulators.

Severe breaches, such as unauthorized data processing or high-risk violations that compromise individuals' privacy, are viewed as serious threats to data protection. As a result, regulatory bodies may impose heightened scrutiny on the organization, which often includes more frequent audits to ensure that corrective measures are implemented and that the organization is moving towards compliance. This is a preventive approach to ensure ongoing accountability and to protect individuals' data effectively in the future.

The other scenarios, such as minor non-compliance issues, do not generally lead to automatic audits; instead, they may prompt organizations to improve practices without significant regulatory intervention. Additionally, failures related to promoting services or marketing strategies are irrelevant to GDPR compliance and focus instead on business operational aspects rather than data protection. These factors do not trigger the same level of regulatory concern as severe breaches involving data handling practices do.