As was already the case under previous legislation, breaches of data protection obligations under the new law may also result in administrative (Art. 49 ff. FADP), civil (Art. 30 ff. FADP) and/or criminal (Art. 60 ff. FADP) consequences. Whereas under previous law, virtually no breaches were punishable by criminal penalties, the criminal law section of the revFADP has been greatly expanded, and the possible penalties are considerably higher.