⚖️ GDPR Fine Calculator
Enter your organisation's worldwide annual turnover and the infringement tier to see the illustrative maximum administrative fine under Article 83 — and which ceiling, fixed or percentage, governs it.
Illustrative estimate only — NOT legal advice. Consult a qualified data-protection lawyer or your supervisory authority; regulations vary by jurisdiction and change over time.
🧮 Estimate the ceiling
⚖️ Illustrative maximum exposure
This is the statutory ceiling, not a predicted fine. Actual penalties weigh the Article 83(2) factors (gravity, intent, mitigation, cooperation) and are typically a small fraction of the maximum. Illustrative estimate only — not legal advice.
What this calculator does
The GDPR caps administrative fines with a two-part formula: a fixed euro amount and a percentage of global turnover, whichever is higher. For a small organisation the fixed cap dominates; for a large one the percentage does. This tool shows both numbers side by side so you can see where your ceiling actually sits.
It is a planning aid for risk conversations, not a forecast. No regulator sets a penalty from turnover alone — the outcome turns on the specific facts and the Article 83(2) factors. Use the figure to grasp the order of magnitude, then get proper advice.
❓ Frequently Asked Questions
How are GDPR fines calculated?
Article 83 sets two tiers of maximum. Tier 1 (lower) is up to the greater of €10 million or 2% of total worldwide annual turnover of the preceding financial year; tier 2 (higher) is up to the greater of €20 million or 4%. The calculator applies whichever ceiling is larger for the tier you select. These are maximums, not the fine that would actually be imposed — informational only, not legal advice.
What is the difference between tier 1 and tier 2?
Tier 1 (Art. 83(4)) covers obligations like records of processing, security measures, DPO designation, and data-protection-by-design. Tier 2 (Art. 83(5)) covers the more serious breaches — the basic principles, lawful basis and consent, data-subject rights, and international-transfer rules. Which tier applies depends on which provision was infringed.
Will a regulator fine the maximum?
Rarely. The figures here are statutory ceilings. Actual fines weigh the Article 83(2) factors — the nature, gravity and duration of the infringement, whether it was intentional or negligent, steps taken to mitigate, past history, cooperation with the authority, and more — and are usually a fraction of the cap. Treat this as a sense of scale, not a prediction.
Is this a substitute for legal advice?
No. This tool is informational only and not legal advice. It cannot tell you your real exposure. Consult a qualified data-protection lawyer or your supervisory authority — regulations and their interpretation vary by jurisdiction and change over time.