Submit a new fine
Want to share with us a fine which we have not yet included in the list? Feel free to submit it here.
Please note that we only list GDPR fines, i.e. no fines imposed under (1) national / non-European laws, (2) non-data protection laws (e.g. competition laws / electronic communication laws) and (3) "old" pre-GDPR-laws.
Adding a link to the source of the fine is mandatory; all other details help us add the fine to the database as quickly as possible.
Thank you for your input!
Fine Models by DPAs
This GDPR fine estimation is based on the calculation model published by the "Conference of the Independent Data Protection Supervisory Authorities" (DSK) from October 14, 2019, which can be accessed at
Please note that this is only an estimate. The actual fine may be lower or higher. CMS assumes no liability for the accuracy of the calculation or for whether it is up to date with the DPAs' fine model.
Step 1: Calculation of the basic economic value of the company
Total worldwide revenues of the previous year:
If the annual turnover exceeds € 500 million, the calculation is based on the actual turnover. Enter amount in EUR without decimals, units and punctuation:
Company size class:
Average annual revenue of the size class:
Actual annual revenue:
Basic economic value (daily rate):
Step 2: Evaluation of the severity of the violation
Please select whether a formal or material breach of the GDPR occurred:
Formal infringement (Art. 83 (4) GDPR)
Material infringement (Art. 83 (5),(6) GDPR)
Please rate the severity of the violation relating to the violation itself:
The evaluation is based on the catalogue of criteria in Art. 83 (2) GDPR. Aspects to be considered include, among others: the type, extent and purpose of the data processing, the categories of personal data concerned, the number of persons concerned and the extent of the damage suffered, intent or negligence of the infringement, and measures taken to mitigate the damage.
Multiplier range due to severity of violation:
On the basis of the company's total worldwide revenues in the previous year and the severity of the violation, the fine is estimated as follows:
Step 3: Consideration of additional circumstances
This interim result will be further adjusted on the basis of all circumstances in favour of and against the controller, insofar as such circumstances have not yet been taken into account. This includes in particular all subjective, controller-related circumstances (again see catalogue of criteria in Art. 83 (2) GDPR) as well as other circumstances, such as a long duration of the proceedings or an imminent insolvency of the company.
Arguments for reduction of fine, e.g.:
Effective measures taken to reduce damage
Effective cooperation with supervisory authority
Arguments for increase of fine, e.g.:
Inaction of the controller
No cooperation with supervisory authority