The Commission shall, in determining the sanctions, take into consideration the —
(a) nature, gravity, and duration of the infringement;
(b) purpose of the processing;
(c) number of data subjects involved;
(d) level of damage and damage mitigation measures implemented;
(e) intent or negligence;
(f ) degree of cooperation with the Commission; and
(g) types of personal data involved.