GDPR Fine Calculator
Estimate the maximum GDPR penalty from annual turnover and infringement tier.
Updated: June 26, 2026
How GDPR fines are capped
The EU General Data Protection Regulation caps fines under a two-tier system, and each tier's ceiling is "whichever is higher" of a fixed cap or a percentage of global annual turnover. That percentage clause is what makes GDPR fines so significant for large companies — a percentage of worldwide revenue can dwarf the fixed cap. This calculator shows both figures and which one applies.
The two tiers
- Lower tier — up to €10M or 2% of global annual turnover. For infringements like inadequate records, security failings, or not notifying a breach on time (Articles 8, 11, 25–39, 42, 43).
- Upper tier — up to €20M or 4% of global annual turnover. For the most serious violations: breaching the basic principles, ignoring data subject rights, or unlawful international transfers (Articles 5, 6, 7, 9, 12–22, 44–49).
"Up to" is the key phrase
These are maximums, not automatic penalties. Supervisory authorities set the actual fine using factors in Article 83: the nature and gravity of the infringement, whether it was intentional or negligent, steps taken to mitigate harm, prior violations, and cooperation with the authority. The severity slider in this tool produces a rough illustrative figure between zero and the maximum — treat it as a thinking aid, not a prediction.
Why it matters beyond the fine
The penalty is only part of the cost. A serious GDPR enforcement action usually comes with mandatory remediation, audits, reputational damage and the breach response costs you can estimate with our data breach cost estimator. Strong data protection is far cheaper than enforcement — frame the investment with the security ROI calculator.
This is not legal advice
GDPR is complex and fact-specific. This tool illustrates the statutory ceilings only; it cannot assess your actual exposure. For a real compliance position, consult a qualified data protection lawyer or your DPO.
Frequently asked questions
What is the maximum GDPR fine?
For the most serious infringements, up to €20 million or 4% of global annual turnover, whichever is higher. Lesser infringements are capped at €10 million or 2%.
Is the fine based on revenue or profit?
The percentage is calculated on global annual turnover (total worldwide revenue) of the preceding financial year — not profit.
Does every violation get the maximum fine?
No. The caps are maximums. Authorities weigh factors like severity, intent, mitigation, and cooperation under Article 83 to set the actual amount, which is often far below the ceiling.
Is this calculator legal advice?
No. It illustrates the statutory maximums only. Your real exposure depends on many legal factors — consult a data protection lawyer or DPO.
Stay on the right side of GDPR
Compliance tooling is cheaper than enforcement:
- Privacy / consent management platform: Manage consent, data subject requests and records of processing to reduce upper-tier exposure.
- Data protection (DPO) services: Ongoing expert guidance to keep processing lawful and demonstrate accountability to regulators.
Related tools
- Data Breach Cost Estimator: Estimate the financial impact of a data breach from records exposed and per-record cost.
- Security ROI (ROSI) Calculator: Compute the return on a security investment from expected loss and mitigation effectiveness.
- Password Policy Generator: Turn your password rules into a written policy plus Linux PAM and Windows config.
- Ransomware Downtime Cost Calculator: Estimate the total impact of a ransomware attack from downtime, recovery and ransom.