GDPR Fines Calculator
Estimate potential GDPR fines based on your company's annual revenue and violation type. Understand the financial risks of non-compliance.
Factors That May Affect Your Fine:
- Nature, gravity, and duration of the infringement
- Whether it was intentional or negligent
- Actions taken to mitigate damage
- Previous infringements
- Cooperation with the supervisory authority
Important Disclaimer: This calculator provides estimates only and does not constitute legal advice.
Actual fines are determined by Data Protection Authorities based on many factors. Consult with a qualified legal professional
for accurate assessment of your compliance obligations and potential liability.
Understanding GDPR Fines
The General Data Protection Regulation (GDPR) establishes two tiers of administrative fines:
Tier 1: Up to €10 million or 2% of turnover
This applies to violations of obligations of controllers and processors, certification bodies, and monitoring bodies under Articles 8, 11, 25-39, 42, and 43.
Tier 2: Up to €20 million or 4% of turnover
This applies to violations of basic principles for processing, conditions for consent, data subjects' rights, and transfers to third countries under Articles 5, 6, 7, 9, 12-22, and 44-49.
Notable GDPR Fines
- Meta (Ireland): €1.2 billion for illegal data transfers
- Amazon (Luxembourg): €746 million for advertising targeting
- Google (France): €90 million for cookie consent violations
- H&M (Germany): €35 million for employee surveillance
Frequently Asked Questions
GDPR (General Data Protection Regulation) is an EU law that protects the personal data of EU residents. It applies to any organization worldwide that processes personal data of EU residents, regardless of where the organization is based.
GDPR fines are calculated based on the violation type (Tier 1 or Tier 2), the nature and gravity of the infringement, number of people affected, duration of the violation, whether it was intentional, actions taken to mitigate damage, and previous violations.
Annual turnover refers to the total worldwide annual revenue of the preceding financial year. For groups of companies, it may be calculated based on the entire group's global turnover, not just the entity that committed the violation.
Yes, GDPR applies to organizations of all sizes. However, Data Protection Authorities typically consider the organization's size and financial situation when determining fines. Small businesses may receive smaller fines, but serious violations can still result in significant penalties.
To avoid fines: ensure lawful basis for processing, obtain proper consent, respect data subject rights, implement appropriate security measures, conduct impact assessments, appoint a DPO if required, maintain proper records, and notify authorities of breaches within 72 hours.
GDPR is enforced by Data Protection Authorities (DPAs) in each EU member state. For cross-border cases, the lead supervisory authority is typically where the organization has its main establishment. The European Data Protection Board provides guidance and resolves disputes.