GDPRIQ

⚖️ GDPR Fine Calculator

Enter your organisation's worldwide annual turnover and the infringement tier to see the illustrative maximum administrative fine under Article 83 — and which ceiling, fixed or percentage, governs it.

Illustrative estimate only — NOT legal advice. Consult a qualified data-protection lawyer or your supervisory authority; regulations vary by jurisdiction and change over time.

🧮 Estimate the ceiling

Group turnover of the preceding financial year.
Tier 1: €10M or 2%. Tier 2: €20M or 4%. Whichever is higher.

⚖️ Illustrative maximum exposure

Estimated maximum fine (Article 83(5))
€20,000,000
Fixed statutory cap
€20,000,000
4% of turnover
€2,000,000
Ceiling that governs
Fixed cap

This is the statutory ceiling, not a predicted fine. Actual penalties weigh the Article 83(2) factors (gravity, intent, mitigation, cooperation) and are typically a small fraction of the maximum. Illustrative estimate only — not legal advice.

What this calculator does

The GDPR caps administrative fines with a two-part formula: a fixed euro amount and a percentage of global turnover, whichever is higher. For a small organisation the fixed cap dominates; for a large one the percentage does. This tool shows both numbers side by side so you can see where your ceiling actually sits.

It is a planning aid for risk conversations, not a forecast. No regulator sets a penalty from turnover alone — the outcome turns on the specific facts and the Article 83(2) factors. Use the figure to grasp the order of magnitude, then get proper advice.

❓ Frequently Asked Questions

How are GDPR fines calculated?

Article 83 sets two tiers of maximum. Tier 1 (lower) is up to the greater of €10 million or 2% of total worldwide annual turnover of the preceding financial year; tier 2 (higher) is up to the greater of €20 million or 4%. The calculator applies whichever ceiling is larger for the tier you select. These are maximums, not the fine that would actually be imposed — informational only, not legal advice.

What is the difference between tier 1 and tier 2?

Tier 1 (Art. 83(4)) covers obligations like records of processing, security measures, DPO designation, and data-protection-by-design. Tier 2 (Art. 83(5)) covers the more serious breaches — the basic principles, lawful basis and consent, data-subject rights, and international-transfer rules. Which tier applies depends on which provision was infringed.

Will a regulator fine the maximum?

Rarely. The figures here are statutory ceilings. Actual fines weigh the Article 83(2) factors — the nature, gravity and duration of the infringement, whether it was intentional or negligent, steps taken to mitigate, past history, cooperation with the authority, and more — and are usually a fraction of the cap. Treat this as a sense of scale, not a prediction.

Is this a substitute for legal advice?

No. This tool is informational only and not legal advice. It cannot tell you your real exposure. Consult a qualified data-protection lawyer or your supervisory authority — regulations and their interpretation vary by jurisdiction and change over time.