CCPA Fine Calculator
Calculate California Consumer Privacy Act (CCPA) penalties. Estimate fines of $2,500 per unintentional or $7,500 per intentional violation for data privacy breaches.
GDPR Fine Estimator
Model GDPR statutory exposure and worksheet scenarios from violation tier, annual turnover, and user-selected adjustment factors.
Worksheet Note: This page models statutory exposure and optional scenario adjustments from the inputs you choose. It does not predict the fine a regulator will actually impose in a live case.
Worldwide group revenue of preceding fiscal year
EUR
Scenario-Adjusted Worksheet Amount⧉
€6,860,000
Combined worksheet factor: 34.3%
Maximum Statutory Exposure⧉
€20,000,000
1.00 violation(s) x €20,000,000 each
Flat Cap⧉
€20,000,000
Art. 83(5): EUR 20M ceiling
Turnover-Based Fine⧉
€20,000,000
4% of €500,000,000 turnover
Applicable Basis⧉
Turnover %
Higher of flat cap vs. turnover % applies
Worksheet Amount as % of Turnover⧉
1.37%
Scenario amount / annual turnover
Adjustment Factors Applied
Severity70.00%
Cooperation70.00%
Data Subjects Scale70.00%
Prior History100.00%
Tier Comparison
| Metric | Tier 1 (Art. 83(4)) | Tier 2 (Art. 83(5)) |
|---|---|---|
| Flat Cap | €10,000,000 | €20,000,000 |
| Turnover % | 2% | 4% |
| Your Turnover Fine | €10,000,000 | €20,000,000 |
| Max Per Violation | €10,000,000 | €20,000,000 |
| Total (1 violation(s)) | €10,000,000 | €20,000,000 |
Historical Enforcement Examples
| Company | Year | Fine | DPA | Reason |
|---|---|---|---|---|
| Meta (Ireland) | 2023 | €1,200,000,000 | IE DPC | EU-US data transfers |
| Amazon (Luxembourg) | 2021 | €746,000,000 | CNPD | Ad targeting practices |
| Meta/WhatsApp | 2021 | €225,000,000 | IE DPC | Transparency failures |
| Google (France) | 2022 | €150,000,000 | CNIL | Cookie consent |
| H&M (Germany) | 2020 | €35,258,707 | HmbBfDI | Employee surveillance |
| TikTok (Ireland) | 2023 | €345,000,000 | IE DPC | Children data processing |
These examples are historical reference points only. They are not a pricing table or a reliable benchmark for any new enforcement action.
Art. 83(2) Factors Reference
| Factor | Description |
|---|---|
| Nature, gravity, duration | Type and seriousness of infringement |
| Intentional / negligent | Whether the violation was deliberate |
| Mitigation steps | Actions taken to reduce harm to data subjects |
| Technical measures | Degree of responsibility considering Art. 25/32 |
| Previous infringements | Relevant history of non-compliance |
| Cooperation with DPA | Degree of cooperation with supervisory authority |
| Data categories | Categories of personal data affected |
| Notification | How the DPA became aware of the violation |
| Certifications | Adherence to approved codes of conduct |
| Aggravating/mitigating | Any other relevant factors (financial gain, etc.) |
Planning notes, formulas, and examples
About the GDPR Fine Estimator
The GDPR Fine Estimator models the statutory penalty ceilings under the EU's General Data Protection Regulation. Fines are structured in two tiers depending on the category of violation. Tier 1 violations use the lower Article 83 ceiling, while Tier 2 violations use the higher ceiling tied to core processing principles and data-subject rights.
Understanding those ceilings is useful for compliance budgeting and scenario analysis. This calculator lets you enter annual turnover, select the violation tier, and see the maximum statutory exposure before optional worksheet adjustments are applied. It is intended as a planning model rather than a prediction of what a regulator will actually impose.
When This Page Helps
Knowing the statutory maximum penalty helps compliance teams compare exposure with the cost of remediation, legal review, training, and governance work. The calculator is most useful for stress-testing turnover-based exposure and comparing scenarios before counsel evaluates the case-specific facts.
How to Use the Inputs
- Enter your organization's global annual turnover in euros.
- Select the violation tier (Tier 1 for administrative, Tier 2 for core violations).
- Optionally enter the number of violations.
- View the statutory ceiling based on the higher of the flat cap or turnover percentage.
- Treat the worksheet-adjusted amount as a scenario model, not as a live enforcement forecast.
Formula used
Tier 1 Fine = max(€10,000,000, Annual Turnover × 2%)
Tier 2 Fine = max(€20,000,000, Annual Turnover × 4%)
Total Exposure = Fine per Violation × Number of ViolationsExample Calculation
Result: €20,000,000 statutory ceiling
With €500M annual turnover, the Tier 2 calculation yields €20M (4% of €500M). Since the flat cap is also €20M, the statutory ceiling is €20,000,000 per violation before any worksheet adjustments.
Tips & Best Practices
- Use the statutory ceiling first, then test lower worksheet scenarios rather than jumping straight to one number.
- Cooperation, scale, and prior history are included here as user-chosen worksheet factors, not as an official regulator formula.
- Documenting compliance efforts can matter in real cases, but this page does not determine what a regulator will treat as mitigating.
- If your organization spans multiple entities, verify what revenue base belongs in the turnover input before relying on the result.
- Use historical fines as context only; they are not a stable benchmark for future outcomes.
Understanding GDPR Enforcement Tiers
GDPR organizes violations into two tiers with different maximum penalties. Tier 1 applies to lower-ceiling administrative and organizational failures, while Tier 2 addresses more serious breaches of core principles and data-subject protections.
Historical Enforcement Examples
Past enforcement actions can show how large real cases have been framed, but they are not a stable pricing table for future cases. Differences in facts, regulator practice, and procedure make direct comparisons unreliable.
Building a Compliance Budget
Use this estimator as a starting point for quantifying non-compliance risk. Compare the statutory ceiling and worksheet scenarios against the cost of implementing proper data protection measures, training staff, conducting audits, and maintaining documentation.
Sources & Methodology
Last updated:
Methodology
This estimator first calculates the Article 83 statutory ceiling for the selected infringement tier by taking the higher of the flat cap and the turnover-based percentage, then multiplying that ceiling by the number of user-entered violations. It then applies site-defined adjustment multipliers for severity, cooperation, affected population size, and prior history to turn the statutory maximum into a directional planning estimate.
The adjusted amount is not an official regulator calculation. Supervisory authorities weigh the full Article 83 factors case by case, and linked infringements can be capped by the gravest infringement under Article 83(3). Treat the result as an exposure model for planning, not as a quoted or likely enforcement outcome.
Sources
- Regulation (EU) 2016/679, Article 83 (EUR-Lex) — Sets the EUR 10M / 2% and EUR 20M / 4% maximum fine tiers and the general fining factors.
- Guidelines 04/2022 on the calculation of administrative fines under the GDPR (European Data Protection Board)
Frequently Asked Questions
Tier 1 covers lower Article 83 ceilings for administrative obligations, while Tier 2 uses the higher ceiling tied to more fundamental processing violations. The calculator uses those tiers only to model the statutory ceiling, not to classify a real case for you.
No. It models the statutory ceiling and a user-adjusted worksheet scenario. Real enforcement outcomes depend on facts, procedure, regulator approach, and mitigation evidence that this page cannot resolve.
Yes, GDPR applies to any organization that processes personal data of EU residents, regardless of where the company is located. This includes companies offering goods or services to EU residents or monitoring their behavior.
A single incident can involve multiple GDPR provisions, but regulators do not simply multiply penalties mechanically in every case. This page lets you model multiple violations for scenario planning only.
Mitigating factors can include cooperation, remediation, and prior compliance efforts, but this page does not encode an official Article 83 balancing method. Its adjustment factors are worksheet levers, not authoritative fine discounts.
Global annual turnover refers to the total worldwide annual revenue of the entire corporate group or undertaking in the preceding financial year. It is not limited to EU revenue or revenue from the specific business unit involved in the violation.
More in this topic
HIPAA Fine Calculator
Estimate HIPAA violation penalties by tier. Calculate fines from $137 to $68,928 per violation with annual maximums up to $2,067,813 per violation category.
Data Breach Notification Cost Calculator
Estimate data breach costs including per-record expenses, legal fees, credit monitoring, forensic investigation, and public relations for incident response planning.