Live National Cyber Helpline · 0300 123 2040
Assured Cyber Protection Cyber & insurance briefing

Tools

GDPR Fine Calculator: Your Maximum UK GDPR Penalty Exposure

By the Assured Cyber Protection team · Updated 2026 · Reviewed

Under the UK GDPR, the maximum fine is not a flat figure: it is the higher of a fixed cap or a percentage of your worldwide annual turnover, and which cap applies depends on the type of breach. This calculator shows your statutory ceiling under both tiers. It is the legal maximum, not a prediction: the ICO sets real fines well below these limits and weighs how serious and how avoidable the breach was.

Work out your maximum UK GDPR fine

Group turnover for the preceding financial year, in pounds. The percentage cap is based on this figure.

Higher tier covers the lawful basis for processing, individuals' rights and international transfers. Standard tier covers a controller's or processor's duties such as security, record keeping and breach notification.

The figures are the UK GDPR statutory maximums under Article 83. They are ceilings, not likely outcomes. The ICO also uses reprimands, enforcement notices and lower fines, and considers how serious, negligent or deliberate the breach was, and how well you cooperated.

The Threat Brief

A calm, plain-English security update. Once a week.

New scams, breach lessons, and cyber insurance changes that affect UK businesses, explained without the jargon. No alarmism, no vendor spin.

Unsubscribe anytime. We never share your address.