GDPR Fine Calculator

The General Data Protection Regulation (GDPR) allows supervisory authorities to impose fines of up to €20 million or 4% of annual global turnover, whichever is higher. This calculator estimates your exposure using factors defined in EDPB Guidelines 04/2022 on the calculation of administrative fines.

GDPR Fine Estimator

Art. 83 administrative fines, EDPB Guidelines 04/2022 methodology

Art. 5 GDPR, basis for all processing

Optional. If your turnover-based cap (2–4%) exceeds the fixed cap, it will be used instead.

How serious was the breach?

How did it happen?

Type of personal data involved

Duration of the violation

Number of data subjects affected

Degree of cooperation with the DPA

How was the violation discovered?

Prior violations or warnings

Mitigation and preventive measures

Rough indicative range only. Actual fines depend on DPA discretion, national law, and full case circumstances. Reference: GDPR Art. 83, EDPB Guidelines 04/2022 on fines. Not legal advice.

Frequently asked questions

How are GDPR fines calculated?

The EDPB uses a five-step process: identify the gravest infringement, set a starting amount based on tier and seriousness, adjust for aggravating and mitigating factors, apply the legal maximum, and verify proportionality.

What is the difference between Tier 1 and Tier 2?

Tier 1 (Art. 83(4)) covers technical and processor obligations, up to €10M or 2% of turnover. Tier 2 (Art. 83(5)) covers core principles, consent, and data subject rights, up to €20M or 4% of turnover.

Does cooperation with the DPA reduce my fine?

Yes. The EDPB Guidelines list cooperation as an explicit mitigating factor. Self-reporting a breach before the DPA discovers it is the single most significant mitigating action you can take.

Is this calculator accurate?

It uses factors defined in EDPB Guidelines 04/2022 and produces an indicative range. Actual fines depend on full DPA discretion and case circumstances. This is not legal advice.

Which DPA would fine my company?

The lead authority is the DPA of the place where your main EU establishment is located (Art. 56 GDPR). For most companies this is where the EU headquarters is located or where the main data processing decisions are made.