Model GDPR statutory exposure and worksheet scenarios from violation tier, annual turnover, and user-selected adjustment factors.
The GDPR Fine Estimator models the statutory penalty ceilings under the EU's General Data Protection Regulation. Fines are structured in two tiers depending on the category of violation. Tier 1 violations use the lower Article 83 ceiling, while Tier 2 violations use the higher ceiling tied to core processing principles and data-subject rights.
Understanding those ceilings is useful for compliance budgeting and scenario analysis. This calculator lets you enter annual turnover, select the violation tier, and see the maximum statutory exposure before optional worksheet adjustments are applied. It is intended as a planning model rather than a prediction of what a regulator will actually impose.
Knowing the statutory maximum penalty helps compliance teams compare exposure with the cost of remediation, legal review, training, and governance work. The calculator is most useful for stress-testing turnover-based exposure and comparing scenarios before counsel evaluates the case-specific facts.
Tier 1 Fine = max(€10,000,000, Annual Turnover × 2%) Tier 2 Fine = max(€20,000,000, Annual Turnover × 4%) Total Exposure = Fine per Violation × Number of Violations
Result: €20,000,000 statutory ceiling
With €500M annual turnover, the Tier 2 calculation yields €20M (4% of €500M). Since the flat cap is also €20M, the statutory ceiling is €20,000,000 per violation before any worksheet adjustments.
GDPR organizes violations into two tiers with different maximum penalties. Tier 1 applies to lower-ceiling administrative and organizational failures, while Tier 2 addresses more serious breaches of core principles and data-subject protections.
Past enforcement actions can show how large real cases have been framed, but they are not a stable pricing table for future cases. Differences in facts, regulator practice, and procedure make direct comparisons unreliable.
Use this estimator as a starting point for quantifying non-compliance risk. Compare the statutory ceiling and worksheet scenarios against the cost of implementing proper data protection measures, training staff, conducting audits, and maintaining documentation.
Last updated:
This estimator first calculates the Article 83 statutory ceiling for the selected infringement tier by taking the higher of the flat cap and the turnover-based percentage, then multiplying that ceiling by the number of user-entered violations. It then applies site-defined adjustment multipliers for severity, cooperation, affected population size, and prior history to turn the statutory maximum into a directional planning estimate.
The adjusted amount is not an official regulator calculation. Supervisory authorities weigh the full Article 83 factors case by case, and linked infringements can be capped by the gravest infringement under Article 83(3). Treat the result as an exposure model for planning, not as a quoted or likely enforcement outcome.
Tier 1 covers lower Article 83 ceilings for administrative obligations, while Tier 2 uses the higher ceiling tied to more fundamental processing violations. The calculator uses those tiers only to model the statutory ceiling, not to classify a real case for you.
No. It models the statutory ceiling and a user-adjusted worksheet scenario. Real enforcement outcomes depend on facts, procedure, regulator approach, and mitigation evidence that this page cannot resolve.
Yes, GDPR applies to any organization that processes personal data of EU residents, regardless of where the company is located. This includes companies offering goods or services to EU residents or monitoring their behavior.
A single incident can involve multiple GDPR provisions, but regulators do not simply multiply penalties mechanically in every case. This page lets you model multiple violations for scenario planning only.
Mitigating factors can include cooperation, remediation, and prior compliance efforts, but this page does not encode an official Article 83 balancing method. Its adjustment factors are worksheet levers, not authoritative fine discounts.
Global annual turnover refers to the total worldwide annual revenue of the entire corporate group or undertaking in the preceding financial year. It is not limited to EU revenue or revenue from the specific business unit involved in the violation.