Educational Tool
GDPR Fine Calculator
Understand your organisation's potential fine exposure under GDPR Article 83. This educational tool calculates statutory maximum caps and provides illustrative scenario ranges based on published regulatory methodologies.
Organisation Details
Turnover is processed locally in your browser. No data is sent to any server.
Data processing principles, lawful basis, consent, data subject rights, transfers
Moderate factors, typical regulatory response
Article 83(2) Factors0 adjusted
How GDPR Fines Are Calculated
Understanding the regulatory framework behind administrative fines.
Statutory Caps (Article 83)
GDPR sets two tiers of maximum fines. The lower tier (Article 83(4)) allows fines up to €10 million or 2% of total worldwide annual turnover, whichever is higher. The upper tier (Articles 83(5) and 83(6)) allows fines up to €20 million or 4% of turnover.
What Determines the Tier?
Lower tier violations include failures in technical and organisational measures, data protection by design, record-keeping, and security breach notifications. Upper tier violations include infringements of data processing principles, lawful basis, consent, data subject rights, and international transfers.
Factors Affecting Actual Fines
Article 83(2) lists factors regulators consider: nature, gravity and duration of the infringement; intentional or negligent character; mitigation actions; degree of cooperation; categories of personal data affected; prior infringements; and whether the infringement was notified.
Regulatory Methodology
The EDPB Guidelines 04/2022 provide a harmonised five-step methodology for EU supervisory authorities. The ICO publishes detailed step-based calculation guidance. Both emphasise that fines must be effective, proportionate, and dissuasive.
Important Disclaimer
This is an educational estimator only. Supervisory authorities determine fines case-by-case using their discretion. The statutory caps are objective calculations based on GDPR Article 83. The scenario ranges are illustrative estimates informed by published methodologies and do not predict actual regulatory outcomes.
This tool does not constitute legal advice. Turnover data is processed locally in your browser and is not stored or transmitted to any server.
Reduce Your Risk Exposure
Acompli helps organisations operationalise GDPR compliance through intelligent automation of DPIAs, risk registers, and Article 30 records.