GDPR Fine Estimator
Model GDPR statutory exposure and worksheet scenarios from violation tier, annual turnover, and user-selected adjustment factors.
CCPA Fine Calculator
Calculate California Consumer Privacy Act (CCPA) penalties. Estimate fines of $2,500 per unintentional or $7,500 per intentional violation for data privacy breaches.
Quick Scenarios
Each affected consumer record = 1 violation
$
$
Regulatory Fine (CCPA/CPRA)โง
$25,000,000.00
10,000 violations ร $2,500.00
Private Action (Mid Est.)โง
$4,250,000.00
Range: $1,000,000.00 โ $7,500,000.00
Total Exposure (Mid Case)โง
$29,785,000.00
Fine + litigation + remediation
Total Exposure (Worst Case)โง
$33,300,000.00
Maximum financial impact
Revenue Impactโง
14.89%
Mid-case exposure as % of revenue
Compliance ROIโง
119.1ร
Potential fine รท compliance budget
Notification Costsโง
$35,000.00
$20,000.00 โ $50,000.00
Fine Accrual Rateโง
$833,333.00/day
30-day pace of regulatory fine
Total Exposure Breakdown
Regulatory Fine
$25,000,000.00
Private Litigation
$4,250,000.00
Notification Costs
$35,000.00
Credit Monitoring
$200,000.00
Forensic Investigation
$150,000.00
Legal Defense
$300,000.00
Scenario Comparison
| Cost Component | Best Case | Mid Case | Worst Case |
|---|---|---|---|
| Regulatory Fine | $25,000,000.00 | $25,000,000.00 | $25,000,000.00 |
| Private Litigation | $0 (no suit) | $4,250,000.00 | $7,500,000.00 |
| Breach Notification | $20,000.00 | $35,000.00 | $50,000.00 |
| Credit Monitoring | $0 | $200,000.00 | $300,000.00 |
| Forensic Investigation | $75,000.00 | $150,000.00 | $150,000.00 |
| Legal Defense | $0 | $150,000.00 | $300,000.00 |
| Total Exposure | $25,095,000.00 | $29,785,000.00 | $33,300,000.00 |
CCPA/CPRA Penalty Schedule
| Violation Category | Per-Violation Fine | Your Exposure (10,000 violations) |
|---|---|---|
| Unintentional | $2,500.00 | $25,000,000.00 |
| Intentional | $7,500.00 | $75,000,000.00 |
| Involving Minors (<16) | $7,500.00 | $75,000,000.00 |
| Private Action (min) | $100.00 | $1,000,000.00 |
| Private Action (max) | $750.00 | $7,500,000.00 |
Fine Scaling by Record Count
| Records Affected | Unintentional | Intentional | Private (Max) |
|---|---|---|---|
| 1,000 | $2,500,000.00 | $7,500,000.00 | $750,000.00 |
| 10,000 | $25,000,000.00 | $75,000,000.00 | $7,500,000.00 |
| 50,000 | $125,000,000.00 | $375,000,000.00 | $37,500,000.00 |
| 100,000 | $250,000,000.00 | $750,000,000.00 | $75,000,000.00 |
| 500,000 | $1,250,000,000.00 | $3,750,000,000.00 | $375,000,000.00 |
| 1,000,000 | $2,500,000,000.00 | $7,500,000,000.00 | $750,000,000.00 |
CCPA fines scale linearly per violation. 30-day cure period has been removed under CPRA enforcement.
Planning notes, formulas, and examples
About the CCPA Fine Calculator
The CCPA Fine Calculator estimates penalties under the California Consumer Privacy Act and its successor, the California Privacy Rights Act (CPRA). Under the current CPPA penalty schedule used on this page, violations are categorized as either unintentional ($2,663 per violation) or intentional ($7,988 per violation). Penalties involving minors under 16 also carry the $7,988 rate.
With CCPA enforcement expanding through the California Privacy Protection Agency, understanding potential fine exposure is critical for businesses that collect personal information from California residents. Each affected consumer record can constitute a separate violation, meaning total fines can escalate rapidly during a large-scale data incident.
This calculator helps compliance teams model worst-case financial exposure by entering the number of violations, violation type, and whether minors are involved, producing an estimate of potential penalties.
When This Page Helps
California represents the largest US consumer market, and CCPA/CPRA enforcement is active. Quantifying your potential fine exposure helps justify privacy investments and support executive risk briefings.
How to Use the Inputs
- Enter the number of violations (each affected consumer can be one violation).
- Select whether violations were intentional or unintentional.
- Indicate if minors under 16 were involved.
- View the total estimated fine and per-violation breakdown.
- Use the results to assess risk exposure and compliance priorities.
Formula used
Unintentional Fine = $2,663 ร Number of Violations
Intentional Fine = $7,988 ร Number of Violations
Minor Involved = $7,988 ร Number of Violations (regardless of intent)Example Calculation
Result: $26,630,000 total fine
With 10,000 unintentional violations at $2,663 each, the total estimated fine is $26,630,000. This illustrates how quickly CCPA penalties scale with the number of affected consumers.
Tips & Best Practices
- Each individual consumer whose data is mishandled can constitute a separate violation.
- The 30-day cure period for unintentional violations has been removed under CPRA enforcement.
- Intentional violations carry three times the penalty of unintentional ones.
- Violations involving children under 16 automatically trigger the $7,500 rate.
- Private right of action allows consumers to sue for $100-$750 per incident for data breaches.
- Maintaining a robust privacy program may help demonstrate violations were not intentional.
- Document all data processing activities and consumer requests to support compliance.
CCPA Enforcement Trends
Since the California Privacy Protection Agency began enforcement, the pace and scope of investigations have increased significantly. Industries handling large volumes of consumer data, such as tech, retail, and healthcare, face heightened scrutiny.
Private Right of Action
Beyond regulatory fines, businesses face potential class action lawsuits from affected consumers. Statutory damages of $100 to $750 per consumer can result in enormous liability when thousands or millions of consumers are affected by a data breach.
Compliance Cost vs Fine Risk
Compare the cost of implementing proper consent mechanisms, data mapping, and consumer request processes against the potential penalties. In most cases, proactive compliance is significantly less expensive than reactive penalty payments and litigation costs.
Sources & Methodology
Last updated:
Methodology
This page is a budgeting worksheet, not a legal penalty determination. It multiplies the entered violation count by the fine tier configured on the page to produce a scenario estimate. The worksheet is intended for planning and risk comparison, and it does not determine actual enforcement outcome, settlement amount, or whether a particular event will be treated as one violation or many.
Sources
- California Privacy Protection Agency Announces Increases for CCPA Fines and Penalties (California Privacy Protection Agency) โ Official CPPA announcement with updated civil penalty amounts and revenue threshold changes.
- California Consumer Privacy Act (CCPA) (California Department of Justice, Office of the Attorney General) โ Official California privacy guidance describing enforcement authority and private right of action limits.
Frequently Asked Questions
CPRA is the major amendment that expanded the original CCPA framework. It strengthened consumer rights, created the California Privacy Protection Agency (CPPA), and expanded requirements for businesses handling sensitive personal information.
The California Attorney General and the California Privacy Protection Agency (CPPA) both have enforcement authority. CPPA was created by CPRA to focus specifically on privacy enforcement and remains active under the current California privacy regime.
Yes, consumers have a private right of action for data breaches resulting from a business's failure to maintain reasonable security. Statutory damages range from $100 to $750 per consumer per incident, or actual damages if higher.
Each instance of non-compliance affecting an individual consumer can be treated as a separate violation. A data breach affecting 100,000 consumers could potentially be considered 100,000 separate violations.
Yes, CCPA applies to any for-profit business that collects California residents' personal information and meets revenue, data volume, or data-selling thresholds, regardless of where the business is physically located. Use this calculator to model different scenarios and find the best approach.
CCPA applies to businesses with annual gross revenue over $25 million, those that buy/sell/share personal information of 100,000+ consumers or households, or those that derive 50% or more of revenue from selling personal information. Keep in mind that individual circumstances can significantly affect the outcome.
More in this topic
Data Breach Notification Cost Calculator
Estimate data breach costs including per-record expenses, legal fees, credit monitoring, forensic investigation, and public relations for incident response planning.
Privacy Impact Score Calculator
Calculate a weighted privacy impact score across data types, processing activities, third-party sharing, and retention periods to support privacy review triage.