Submit a new fine
Want to share with us a fine which we have not yet included in the list? Feel free to submit it here.
Please note that we only list GDPR fines, i.e. no fines imposed under (1) national / non-European laws, (2) non-data protection laws (e.g. competition laws / electronic communication laws) and (3) "old" pre-GDPR-laws.
. Adding a link to the source of the fine is mandatory, all other details support us in adding the fine to the database as quick as possible.
Thank you for your input!
Fine Models by DPAs
[x] Remove all filters
Filter by country:
Filter by violation (Art.):
This GDPR fine estimation is based on the calculation model published by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) from March 14, 2019, which can be accessed at
Please note that this is only an estimate. The actual fine may be lower or higher. CMS assumes no liability for the accuracy of the calculation or actuality with the DPAs fine model.
Please rate the severity of the violation relating to the violation itself:
(Simple Violations such as lack of information about DPO in privacy notice)
(Lack of fulfillment of certain processing requirements such as missing processing agreements with processors)
(Violations such as failure to notify data breaches or non-cooperation with DPAs)
(Severe violations such as unlawful processing of special categories of data)
On the basis of the severity of the violation, the fine is estimated as follows:
Consideration of additional circumstances
This interim result will be further adjusted on the basis of all circumstances in favour of and against the controller. This includes in particular all subjective, controller-related circumstances (see catalogue of criteria in Art. 83 (2) GDPR) as well as other circumstances, such as a long duration of the proceedings or an imminent insolvency of the company.