Free GDPR Fine Calculator

Estimate potential financial penalties for GDPR non-compliance based on your company's revenue.

Maximum Potential Fine

Based on the higher of €20,000,000 or 4% of annual global revenue.

Don't risk a GDPR fine over unauthorized cookies.

One of the most common causes of GDPR fines is failing to obtain valid consent before dropping tracking cookies. Audit your site right now to see if you are at risk.

Understanding GDPR Fines and Penalties

The General Data Protection Regulation (GDPR) gives Data Protection Authorities (DPAs) significant power to impose severe administrative fines on organizations that violate privacy standards. These fines are designed to be "effective, proportionate, and dissuasive."

The Two Tiers of GDPR Fines

GDPR establishes two tiers of administrative fines, depending on the severity of the infringement:

  • The Lower Tier (Article 83(4)): Fines up to €10 million or 2% of the firm's worldwide annual revenue from the preceding financial year, whichever is higher. This applies to infringements like failing to integrate data protection "by design and by default," failing to maintain records of processing activities, or failing to notify the supervisory authority of a data breach.
  • The Higher Tier (Article 83(5)): Fines up to €20 million or 4% of the firm's worldwide annual revenue from the preceding financial year, whichever is higher. This applies to more serious violations, such as violating the basic principles for processing (including the conditions for consent) or violating data subjects' rights (like the right to erasure or access).

Cookies, Consent, and GDPR Risk

Under GDPR and the ePrivacy Directive, tracking cookies (such as those used for analytics and marketing) require explicit, informed, prior consent. Because "conditions for consent" fall under the basic principles of processing, dropping tracking cookies before a user clicks "Accept" on your cookie banner exposes your organization to the Higher Tier of potential fines.

DPAs across Europe (like the CNIL in France, the ICO in the UK, and the AEPD in Spain) have increasingly targeted cookie violations, handing out fines ranging from thousands to millions of euros for seemingly minor website configuration errors.

The best defense against these fines is proactive monitoring. Tools like the ConsentScope Chrome Extension allow developers and compliance officers to simulate user sessions and ensure no third-party scripts are leaking data without verified consent.