← All calculators
GDPR · FREE TOOL

GDPR Fine Calculator

GDPR Article 83 caps penalties at the higher of a fixed amount or a percentage of worldwide annual turnover. Use this calculator to estimate the upper bound a Data Protection Authority could impose, then run a free audit to see which Articles you're actually exposed on.

€50.00M / year
Use parent / undertaking revenue, not just EU.
Tier 1 max (Art. 83(4))
€10.00M
Fixed €10M cap applies (higher than 2% of turnover).
Tier 2 max (Art. 83(5))
€20.00M
Fixed €20M cap applies (higher than 4% of turnover).
Run my free compliance auditGenerate policies

How this is calculated

GDPR Art. 83(4)
Tier 1 — up to €10M or 2% of total worldwide annual turnover, whichever is higher.
GDPR Art. 83(5)
Tier 2 — up to €20M or 4% of total worldwide annual turnover, whichever is higher.
EDPB Guidelines 04/2022
Methodology Supervisory Authorities use to calculate administrative fines under GDPR.

Things people get wrong

Real enforcement examples

Meta Platforms
€1.2B
Largest GDPR fine ever — EU→US data transfers under invalidated Privacy Shield framework
Amazon Europe Core
€746M
Largest GDPR fine at the time — behavioural ad targeting without valid consent
TikTok
€345M
Children's accounts defaulted to public — GDPR Articles 5, 12, 24, 25 violations

FAQ

What's the difference between Tier 1 and Tier 2 GDPR fines?
Tier 1 (Art. 83(4)) covers controller/processor obligations like records of processing, security, breach notification, and DPO designation — capped at €10M or 2%. Tier 2 (Art. 83(5)) covers core data-protection principles, lawful basis, consent, data-subject rights, and international transfers — capped at €20M or 4%.
Do small companies pay percentage-based fines?
DPAs apply proportionality. Smaller companies usually see the fixed cap or below, but the 'undertaking' concept means parent-company revenue can be pulled into the base — a small subsidiary of a large group can trigger 4% of the parent's global turnover.
Is this calculator legal advice?
No. This is an upper-bound estimator based on Article 83. Actual fines reflect 11 statutory factors including nature, gravity, duration, mitigation, and cooperation. Use ComplianceIQ's audit for a real gap analysis.

Related

GDPR audit →CCPA audit →HIPAA Penalty CalculatorData Breach Cost CalculatorCCPA / CPRA Penalty CalculatorSOC 2 Audit Cost Calculator