GDPR Fines: A Graphic Calculation Guide – Part 1

Your contacts

The European Data Protection Board (hereafter ‘EDPB’) has published Guidelines for the calculation of fines under the General Data Protection Regulation (GDPR). In a series of six articles, we will explain the key topics of the guidelines and what companies can learn from them.

European supervisory authorities’ varying practices of calculating GDPR administrative fines can be viewed, on the one hand, as inconsistent and in conflict with the principle of uniform interpretation and application of the GDPR in general and uniform sanction for GDPR infringements in particular, as enshrined in GDPR recital 10, 11 and 13.

On the other hand, European supervisory authorities’ practices of calculating administrative fines can be viewed as consistent and in harmony with the GDPR requirement to impose fines that in each individual case (1) are effective, proportionate and dissuasive, as required in GDPR article 83(1), (2) take due regard to the circumstances of each individual case, as required in GDPR article 83(2), and (3) do not exceed the maximum amounts provided for in articles 83(4) (5) and (6) GDPR.

Although the quantification of the amount of the fine is based on a specific evaluation carried out in each case and the calculation of the amount of the fine is at the discretion of the supervisory authority, subject to the rules provided for in the GDPR, the European Data Protection Board (hereafter ‘EDPB’) has used its power (according to GDPR article 70, (1) (e)) to issue two Guidelines to encourage consistent application of the GDPR for supervisory authorities concerning the application of measures referred to in Article 58(1), (2) and (3) and the setting of administrative fines pursuant to Article 83, according to GDPR article 70, (1), (k).

The two Guidelines are (1) “Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253)”, and (2) “Guidelines 04/2022 on the calculation of administrative fines under the GDPR (version 1.0)”. The former guideline focuses on the circumstances in which supervisory authorities impose a fine, whilst the latter guideline focuses on the methodology to harmonise supervisory authorities’ calculation of the amount of the fine. The latter guidelines were adopted on 12 May 2022 and are open for public consultation from 16 May 2022 to 27 June 2022. The two sets of Guidelines are applicable simultaneously and should be seen as complementary.

The EDPB intends these Guidelines for use by the supervisory authorities to ensure a consistent application and enforcement of the GDPR. The aim of these Guidelines is to create a harmonised starting point as a common orientation, on the basis of which the calculation of administrative fines in individual cases can be carried out. The Guidelines emphasise that the final amount of the fine depends on all the circumstances of the case. The EDPB therefore envisages harmonisation on the starting points and methodology used to calculate a fine, rather than harmonisation on the outcome.

The EDPB has developed a methodology consisting of five steps for calculating administrative fines for breaches of the GDPR, as illustrated below. We will present each of the five steps in separate blog posts.



Share post


MLL Legal

MLL Legal is one of the leading law firms in Switzerland with offices in Zurich, Geneva, Zug, Lausanne, London and Madrid. We advise our clients in all areas of business law and stand out in particular for our first-class industry expertise in technical-innovative specialist areas, but also in regulated industries.

MLL Meyerlustenberger Lachenal Froriep


Much is still unclear in relation to liability questions around AI tools.

Read our latest post about “Liability during the Lifecycle of an AI Tool” and download our white paper.

Show article.

Our Story

MLL Legal is a leading Swiss law firm with a history that dates back to 1885. The firm has grown both organically and by means of strategic mergers, the latest of which took place on 1st July 2021 between Meyerlustenberger Lachenal and FRORIEP.

The merger establishes MLL Legal, a combined new entity as one of the largest commercial law firms in Switzerland with 150 lawyers in four offices in Switzerland and two offices abroad, in London and Madrid serving clients seeking Swiss law advice.

Our firm has a strong international profile and brings together recognised leadership and expertise in all areas of law affecting commerce today, with a focus on high-tech, innovative and regulated sectors. 

About us


Click here for our latest publications


Read all our legal updates on the impact of COVID-19 for businesses.

COVID-19 Information

Job openings

Looking for a new challenge?

Our talented and ambitious teams are motivated by a common vision to succeed. We value open and straightforward communication accross all levels of the organisation in a supportive working environment.

Job openings

Firm News

Click here for our latest firm news.

Our Team

The regulatory and technological landscape continually require businesses to adapt and evolve.
Our 150+ lawyers are continuously innovating and striving for improvement in everything they do. We embrace new ideas and technologies, combining our wealth of expertise with creative thinking and diligence. With our hands-on approach, we implement viable solutions for the most complex legal challenges.

Our Team.

LexCast – the podcast series by MLL NexGen

Smart legal education on the go. The LexCast hosted by MLL NexGen provides legal insights in a short format that allows listeners to educate themselves on and about legal issues wherever they are and whenever they find the time.

Listen to our podcast series – stay tuned.

MLL Legal on Social Media

Follow us on LinkedIn.