Regulatory Penalty Calculator
Estimate worst-case regulatory fines for your breach. Know the financial exposure before the regulators call.
Understanding Regulatory Penalties
GDPR (EU/UK)
Up to €20 million or 4% of global annual revenue, whichever is higher. Factors: breach severity, data volume, company cooperation, prior violations.
HIPAA (US Healthcare)
$100 to $50,000 per violation, not per record, with an annual cap of $1.5 million per violation category. Categories: reasonable cause, willful neglect (corrected/uncorrected).
California (CCPA/CPRA)
Up to $7,500 per violation, plus a private right of action for certain data types. Class actions are common.
Other US States
50+ states have breach notification laws. Most impose per-violation fines.
Recent Notable Penalties
Meta (Facebook) - GDPR
€1.2 billion fine for data transfers to the US without adequate safeguards (2023)
Amazon - GDPR
€746 million fine for data processing violations (2021)
Anthem - HIPAA
$16 million HIPAA settlement for a breach affecting 79M records (2018)
Equifax - Multi-State Settlement
$575 million settlement with the FTC, CFPB and states for a breach affecting 147M records (2019)
Frequently Asked Questions
How much is a GDPR fine for a data breach?
GDPR fines can reach €20 million or 4% of global annual revenue (whichever is higher) for the most serious violations. Lower-tier violations carry maximum fines of €10 million or 2% of revenue. Actual fines depend on severity, company cooperation, and mitigation efforts.
What is the penalty for a HIPAA breach?
HIPAA penalties range from $100 to $50,000 per violation, with an annual maximum of $1.5 million per violation category. Willful neglect carries higher penalties. HHS OCR considers factors like harm caused, organization size, and past violations when determining fines.
How are state breach notification penalties calculated?
State penalties vary widely. California can fine up to $7,500 per violation. New York can fine up to $20 per affected individual, capped at $250,000. Most states impose per-violation or per-record fines, with aggravating factors increasing the amounts.