Cybrology
FeaturesHow it worksPricingFAQ
Free security tools
Password strength checkerScore any password instantlyEmail breach checkerSee if your email leakedDark web exposure checkSee if your credentials leakedGDPR fine estimatorModel your exposureRansomware cost calculatorEstimate total incident cost
Sign inStart free assessment
Cybrology

The intelligent risk assessment solution for cybersecurity compliance, training oversight, and audit preparedness.

Product
Features
Resources
Help center
Legal
PrivacyTermsDPACookies
© 2026 Cybrology, Inc. All rights reserved.

GDPR Fine Calculator

TOOL 04

GDPR Fine Calculator

Adjust the sliders to see your potential GDPR exposure in real time, benchmarked against real penalties issued by EU data-protection authorities.

€10M

Total worldwide turnover for the preceding financial year.

6 / 10

Impact on data subjects — 1 (minimal) to 10 (severe).

1,000 – 10,000

How many people had data exposed.

Special-category data?

Health, biometric, genetic, religious or other Article 9 data.

Your estimated GDPR exposure

€5M

Range €2.3M – €8M

Article 83(4) · Standard-tier infringement
Statutory maximum
€10,000,000
Real-world comparable
On par with the €5M fine against Spotify
IMY (Sweden), 2023 — 58M SEK

GDPR caps fines at €10M or 2% of global annual turnover, whichever is higher. This figure is an advisory estimate based on the inputs above — it is not legal advice and does not predict any actual penalty.

Get your compliance gap report (free) — take the 2-minute risk checkSee GDPR compliance courses
More free tools
Password strength checkerEmail breach checkerDark web exposure checkRansomware cost calculatorCyber hygiene quick scoreAttack surface preview
Gamified simulation

Can you spot the phish?

+100 XP
GDPR fine notice — action required within 24 hours

Which sign most reliably reveals a phishing email?

Which sign most reliably reveals a phishing email?

Recent GDPR fines, explained

The largest penalties — Meta with €1.2B for transfers, Instagram with €405M and TikTok with €345M — show regulators will use the full 4%-of-turnover cap for systemic failures. Most fines, however, fall well below the maximum.

What triggers maximum fines

Breaching the basic principles of processing, ignoring data-subject rights, unlawful international transfers, and mishandling special-category data all fall under the higher Article 83(5) tier — and weigh heavily on the final figure.

How to reduce your exposure

Demonstrable accountability lowers fines: a record of processing, a tested incident response plan, staff training, and prompt 72-hour breach notification are all mitigating factors under Article 83(2).

Frequently asked questions

How much could I be fined under GDPR?
GDPR fines are capped at €20 million or 4% of global annual turnover (whichever is higher) for the most serious infringements, and €10 million or 2% for lesser ones. The actual amount depends on severity, the number of people affected, the type of data, and whether the breach was negligent or intentional.
What is the difference between Article 83(4) and 83(5)?
Article 83(4) covers lower-tier infringements such as records and security of processing, capped at €10M or 2% of turnover. Article 83(5) covers higher-tier infringements of basic principles, data-subject rights and international transfers, capped at €20M or 4% of turnover.
Does involving special-category data increase the fine?
Yes. Special-category data such as health, biometric, genetic and religious belief data (Article 9) is treated as higher-tier and is an aggravating factor that pushes estimated exposure toward the upper cap.

Disclaimer: this calculator provides an advisory estimate for informational purposes only. It is not legal advice and does not predict any actual fine. Penalties are determined by the relevant supervisory authority on a case-by-case basis under Article 83 of the GDPR. Comparable fines are final amounts reported in public data-protection authority decisions.