About GDPRFine.com
An independent reference for GDPR enforcement: published fines, regulator decisions, fine calculation methodology and likely-fine modelling. Operated by Digital Signet, founded by Oliver Wakefield-Smith. A sister to gdprcompliancecost.com, focused specifically on the enforcement-and-fines side of the GDPR question rather than the implementation cost.
Why we built it
GDPR fine reporting is fragmented: each Data Protection Authority publishes decisions in its own format, in its own language, on its own cadence. The CMS Enforcement Tracker and GDPRhub aggregate, but their interfaces are tooled for legal practitioners rather than buyers trying to budget the risk. This site exists to publish enforcement statistics by sector, country and infringement type, plus a likely-fine modelling tool that takes turnover and infringement type and returns a defensible band based on past similar cases. The data slices have authoritative sources per slice; the modelling itself is a working tool, not a legal opinion.
Who runs this site
Oliver runs Digital Signet, an independent AI-development studio that builds data-led pricing and decision tools using public datasets. After 20 years as a solutions architect and tech lead across media, utilities, satellite, and data, he founded Digital Signet to apply autonomous AI development methodology to real software at scale.
Reach Oliver: [email protected]. Profile: LinkedIn.
About the studio
This site is operated by Digital Signet, an independent AI-development studio founded by Oliver Wakefield-Smith. It is part of a portfolio of consumer cost-reference and calculator sites we run as a live R&D lab for our Signet methodology, an autonomous AI development team that ships real software at scale.
Digital Signet does not sell GDPR consultancy, does not run a DPO-as-a-service practice, does not represent any data subject in a GDPR claim, and does not accept paid placements from any vendor in the privacy or compliance space. Editorial direction is set by Oliver. Drafts are produced via Digital Signet's autonomous AI development methodology and reviewed against the editorial framework before publication.
For consulting enquiries (fractional CTO, AI product strategy, autonomous-dev-team setup): see digitalsignet.com.
What we hold to
- Source pattern. Multiple authoritative sources, each used for the slice it is authoritative on.
- No paid placements. Does not sell GDPR consultancy, does not run a DPO-as-a-service practice, does not represent any data subject in a GDPR claim, and does not accept paid placements from any vendor in the privacy or compliance space. Independent of every named third party in the relevant space.
- Math is documented inline. Where the site has a calculator, inputs and assumptions are visible on the calculator page. Nothing is hidden behind opaque scoring.
- Update only when underlying reality changes. Triggers: Each new published fine added to the CMS Enforcement Tracker or GDPRhub (continuous); Major DPA decision that changes likely-fine modelling for a specific infringement type; Regulatory framework change (Data (Use and Access) Act 2025 implementation, EDPB guideline updates); EU member state adopts a national-implementation rule that materially shifts national fine bands.
Contact
For corrections, methodology questions, or scenarios that don't fit cleanly: [email protected].