1. Classification of the company in a size class
The first step is to classify the company in a size class on the basis of the total worldwide sales of the previous year. A distinction must be made between micro-enterprises (annual sales up to € 2 million), small and medium-sized enterprises (annual sales between € 2 and 50 million) and large companies (annual sales over € 50 million).
2. Determination of the company’s mean annual turnover
In the next step, the company’s mean annual turnover is determined using the following table. This is based on the specifications of the data protection conference. The mean value of the sales range of the respective group of companies always applies. In our GDPR fine calculator you will find out which category your company belongs to immediately after entering your annual turnover.
Unterkategorie |
|
A
Kleinstunternehmen
≤ 2 Mio. €
|
B
Kleine
Unternehmen
≤ 10 Mio. €
|
C
Mittlere Unternehmen
≤ 50 Mio. €
|
D
Groß-unternehmen
> 50 Mio. €
|
I |
Jahresumsatz |
≤ 700.000 € |
≤ 5 Mio. € |
≤ 12,5 Mio. € |
≤ 75 Mio. € |
Mittlerer Jahresumsatz |
350.000 € |
3,5 Mio. € |
11,25 Mio. € |
62,5 Mio. € |
II |
Jahresumsatz |
≤1,4 Mio. € |
≤ 7,5 Mio. € |
≤ 15 Mio. € |
≤ 100 Mio. € |
Mittlerer Jahresumsatz |
1.050.000 € |
6,25 Mio. € |
13,75 Mio. € |
87,5 Mio. € |
III |
Jahresumsatz |
≤ 2 Mio. € |
≤ 10 Mio. € |
≤ 20 Mio. € |
≤ 200 Mio. € |
Mittlerer Jahresumsatz |
1,7 Mio. € |
8,75 Mio. € |
17,5 Mio. € |
150 Mio. € |
IV |
Jahresumsatz |
|
|
≤ 25 Mio. € |
≤ 300 Mio. € |
Mittlerer Jahresumsatz |
|
|
22,5 Mio. € |
250 Mio. € |
V |
Jahresumsatz |
|
|
≤ 30 Mio. € |
≤ 400 Mio. € |
Mittlerer Jahresumsatz |
|
|
27,5 Mio. € |
350 Mio. € |
VI |
Jahresumsatz |
|
|
≤ 40 Mio. € |
≤ 500 Mio. € |
Mittlerer Jahresumsatz |
|
|
35 Mio. € |
450 Mio. € |
VII |
Jahresumsatz |
|
|
≤ 50 Mio. € |
> 500 Mio. € |
Mittlerer Jahresumsatz |
|
|
45 Mio. € |
Konkreter Jahresumsatz |
3. Determination of the basic economic value
After assigning the company’s average annual turnover, the basic economic value is determined using the following formula:
Economic base value = mean annual turnover: 360 (days)
4. Multiplication of the basic economic value according to the degree of severity (circumstances related to the offense)
Finally, the basic economic value is multiplied by a factor which, depending on the severity of the violation, can be between 1-12.
SCHWEREGRAD |
FAKTOR FÜR FORMELLE VERSTÖSSE GEMÄSS ART. 83 ABS. 4 DSG |
FAKTOR FÜR MATERIELLE VERSTÖSSE GEMÄSS ART. 83 ABS. 5, 6 DSG |
Leicht |
1 bis 2 |
1 bis 4 |
Mittel |
2 bis 4 |
4 bis 8 |
Schwer |
4 bis 6 |
8 bis 12 |
Sehr Schwer |
6 |
|
Umsatz über 500 Mio |
2 % |
4 % |
From an annual turnover of over 500 million euros, a flat rate of 2% for formal violations according to Art. 83 Para. 4 GDPR and 4% for material violations according to Art. 83 Para. 5 and 6 GDPR are applied, so that a calculation is based on the respective company of the actual turnover.
Not sure which category your violation falls into? Read directly in the GDPR.
5. Adjustment of the basic economic value (perpetrator-related circumstances)
Finally, circumstances that have not yet been taken into account, which speak for and against the company concerned (e.g. negligence, intent, cooperation of the company), are assessed at the discretion of the supervisory authority.
In summary, it can be said that calculating the fine according to the concept of the data protection conference appears to be quite simple at first glance. Determining the individual components is the actual effort. In addition, the amounts cannot be finally determined by the adjustment of the respective supervisory authority, which is why online GDPR fine calculators can only output an approximate amount.