GDPR Fine Risk Estimator

ANA›Life Services Authority›National Calculator Authority›GDPR Fine Risk Estimator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

GDPR Fine Risk Estimator

Estimates your potential GDPR fine exposure under Articles 83(4) and 83(5) of the GDPR, based on violation severity, annual global turnover, number of data subjects affected, and mitigating or aggravating factors.

Annual Global Turnover (€)

Total worldwide annual revenue of the undertaking

Violation Tier

Lower Tier – Art. 83(4): Max €10M or 2% turnover (e.g. processor obligations, child consent, DPO rules) Upper Tier – Art. 83(5): Max €20M or 4% turnover (e.g. basic principles, data subject rights, transfers)

Select the tier matching your violation type

Number of Data Subjects Affected

Individuals whose personal data was involved

Data Sensitivity

Standard personal data Sensitive data (Art. 9): health, biometric, racial, religious, etc. Criminal conviction data (Art. 10) or children's data

Higher sensitivity increases regulatory scrutiny

Nature of Infringement

Negligent / unintentional Negligent with systemic failures Intentional or reckless

Duration of Infringement

Short-term (days to weeks) Medium-term (months) Long-term (over 1 year) Ongoing / chronic (multiple years)

Cooperation with Supervisory Authority

Full cooperation and proactive disclosure Partial cooperation Non-cooperative or obstructive

Prior Infringements

No prior infringements One prior related infringement Multiple prior infringements

Remediation Actions Taken

Comprehensive: breach contained, affected parties notified, controls improved Partial: some steps taken Minimal or no remediation

Estimate Fine Risk

function gdpCalc() { // --- Inputs --- var turnover = parseFloat(document.getElementById('gdp-turnover').value); var tier = document.getElementById('gdp-violation-tier').value; var subjects = parseFloat(document.getElementById('gdp-subjects').value); var sensitivity= parseFloat(document.getElementById('gdp-sensitivity').value); var intent = parseFloat(document.getElementById('gdp-intent').value); var duration = parseFloat(document.getElementById('gdp-duration').value); var cooperation= parseFloat(document.getElementById('gdp-cooperation').value); var prior = parseFloat(document.getElementById('gdp-prior').value); var remediation= parseFloat(document.getElementById('gdp-remediation').value);

var resultDiv = document.getElementById('gdp-result');

// --- Validation --- var errors = []; if (isNaN(turnover) || turnover 0) { resultDiv.style.display = 'block'; resultDiv.innerHTML = 'Input Errors:' + errors.map(function(e){ return ''; }).join('') + ''; return; }

// --- Step 1: Statutory Maximum Fine --- // Art. 83(4): higher of €10,000,000 or 2% of global annual turnover // Art. 83(5): higher of €20,000,000 or 4% of global annual turnover var absMax, pctMax, pctRate; if (tier === 'lower') { absMax = 10000000; pctRate = 0.02; } else { absMax = 20000000; pctRate = 0.04; } pctMax = turnover * pctRate; var statutoryMax = Math.max(absMax, pctMax);

// --- Step 2: Base Fine (% of statutory max driven by scale of breach) --- // Scale: log10 of subjects mapped to 0–1, capped at 1 // 1 subject → ~0%, 1,000,000 subjects → ~100% of statutory max var subjectScale = 0; if (subjects > 0) { subjectScale = Math.min(Math.log10(subjects) / 6, 1.0); // log10(1M)=6 } // Base fine = 10% to 60% of statutory max, scaled by subject count var basePct = 0.10 + (0.50 * subjectScale); var baseFine = statutoryMax * basePct;

// --- Step 3: Apply Multipliers (Art. 83(2) factors) --- // Combined multiplier from all factors var multiplier = sensitivity * intent * duration * cooperation * prior * remediation;

// --- Step 4: Adjusted Fine --- var adjustedFine = baseFine * multiplier;

// --- Step 5: Cap at Statutory Maximum --- var estimatedFine = Math.min(adjustedFine, statutoryMax);

// --- Step 6: Risk Band --- var riskRatio = estimatedFine / statutoryMax; var riskBand, riskColor; if (riskRatio ' + 'Violation Tier' + '' + (tier === 'lower' ? 'Art. 83(4) – Lower Tier' : 'Art. 83(5) – Upper Tier') + '' + 'Statutory Maximum Fine' + '' + fmtEur(statutoryMax) + ' (' + (tier==='lower'?'max(€10M, 2%)':'max(€20M, 4%)') + ' of turnover)' + 'Base Fine (pre-adjustment)' + '' + fmtEur(baseFine) + ' (' + fmtPct(basePct) + ' of statutory max)' + 'Combined Adjustment Multiplier' + '' + multiplier.toFixed(3) + 'x' + 'Estimated Fine Exposure' + '' + fmtEur(estimatedFine) + '' + 'As % of Statutory Maximum' + '' + fmtPct(riskRatio) + '' + 'Risk Band' + '' + riskBand + '' + '' + '⚠ This is a risk estimation tool, not legal advice. Actual fines are determined by supervisory authorities on a case-by-case basis.

'; }

#### Formula & Methodology

Step 1 – Statutory Maximum (Art. 83 GDPR):

Lower Tier (Art. 83(4)): Max(€10,000,000 ; Turnover × 2%)
Upper Tier (Art. 83(5)): Max(€20,000,000 ; Turnover × 4%)

Step 2 – Subject Scale Factor: subjectScale = min(log₁₀(subjects) / 6, 1.0) Maps 1 to 1,000,000+ affected individuals onto a 0–1 scale using a logarithmic curve.

Step 3 – Base Fine Percentage: basePct = 10% + (50% × subjectScale) Ranges from 10% (minimal exposure) to 60% of the statutory maximum.

Step 4 – Base Fine: baseFine = statutoryMax × basePct

Step 5 – Adjustment Multiplier (Art. 83(2) factors): multiplier = sensitivity × intent × duration × cooperation × prior × remediation Each factor reflects criteria listed in Art. 83(2)(a)–(k) GDPR.

Step 6 – Estimated Fine (capped at statutory max): estimatedFine = min(baseFine × multiplier, statutoryMax)

#### Assumptions & References

GDPR Art. 83(4): Infringements of processor obligations, child consent (Art. 8), privacy by design (Art. 25), DPO rules (Arts. 37–39), certification bodies (Arts. 42–43), monitoring bodies (Art. 41(4)).
GDPR Art. 83(5): Infringements of basic principles (Arts. 5–7, 9), data subject rights (Arts. 12–22), international transfers (Arts. 44–49), supervisory authority orders (Art. 58(2)).
Not legal advice. Consult a qualified data protection lawyer for formal risk assessment.

GDPR Fine Risk Estimator

GDPR Fine Risk Estimator

More Calculators

Read Next

References

Related Authorities