EDPB Guidelines 04/2022
90 seconds. Twelve questions. The calculator applies the same five-step methodology European data protection authorities use to set fines under Article 83 GDPR. No signup. No tracking. The result is yours to screenshot, share, or ignore.
Three quick questions to set the regulatory baseline. EDPB Guidelines treat company size as a factor in fine calculation.
Your estimated GDPR exposure
Per major enforcement event, applying EDPB Guidelines 04/2022 methodology
The architectural answer
No personal data leaves your infrastructure. Synthetic substitution happens client-side before any prompt reaches a US LLM. Articles 44 through 49 do not apply when there is no transfer of personal data. The other articles (DPIA, lawful basis, security) still require your work. UBava removes the transfer exposure, not the entire compliance burden.
Read the architecture →Three most recent significant GDPR fines. Updated weekly.
Translation powered by UBava
Methodology and sources
This calculator implements EDPB Guidelines 04/2022 on the calculation of administrative fines under the GDPR, adopted 24 May 2023 (Version 2.1). The five-step methodology (identification of processing operations, starting point calculation, aggravating and mitigating factor evaluation, legal maximum cap, and final dissuasiveness assessment) is applied as published. Starting points are calibrated against approximately twenty real enforcement decisions including Intesa Sanpaolo (Garante, March 2026), TikTok (Irish DPC, May 2025), Meta (Irish DPC, May 2023), and LinkedIn (Irish DPC, October 2024). Precedent data sourced from GDPRhub and individual DPA decisions.
Results are estimates. GDPR fines are determined at the discretion of supervisory authorities based on full case facts, not on inputs to a calculator. The range shown reflects the inherent variance in DPA decisions for similar profiles. Nothing here constitutes legal advice. No personal data from your inputs is stored or transmitted. Calculation runs entirely in your browser.