# GDPR Fine Estimator MCP

> EU GDPR Fine Estimator: Quickly determines potential financial penalties for data breaches. This MCP calculates fine ranges based on a company's annual turnover and specific violation types. It also classifies the severity of an infringement, providing clear regulatory tiers to help assess compliance risk instantly.

## Overview
- **Category:** finance
- **Price:** Free
- **Tags:** gdpr, compliance, regulation, legal-tech, privacy, risk-assessment

## Description

Dealing with GDPR requires knowing your risk exposure before a breach happens. Instead of manually cross-referencing Article 83 with internal financial reports, this MCP calculates potential fine ranges immediately. Your agent takes key data, such as annual turnover and the specific nature of the violation, and estimates the possible penalty bands. The MCP doesn't just give you a number; it tells you *why* that number is high or low by listing known regulatory factors, such as whether the breach was intentional or involved sensitive data. It also assigns a formal severity level to the violation itself, helping legal teams categorize the incident quickly. Need to know where this tool fits in your compliance stack? Vinkius hosts thousands of MCPs, making sure you can connect and access every specialized service without switching platforms.

## Prompt Examples

**Prompt:** 
```
Estimate the GDPR fine for a company with 50M EUR turnover that had a breach of fundamental principles.
```

**Response:** 
```
Using `calculate_fine_range` with `violationType: 'breach-of-fundamental-principles'` and `annualTurnover: 50000000`, the estimated fine range is between €2,000,000 and €20,000,000.
```

**Prompt:** 
```
What are the possible aggravating factors for a GDPR fine?
```

**Response:** 
```
By calling `list_regulatory_factors`, the following aggravating factors are identified: intentional nature, previous infringements, large scale processing, and sensitive data involvement.
```

**Prompt:** 
```
Classify the severity of a 'monitoring-failure' violation.
```

**Response:** 
```
The tool `classify_infringement_severity` identifies this as a Lower Tier violation with a Medium severity rating.
```

## Capabilities

### Calculate Fine Range
Estimates potential GDPR fine bands by factoring in the company's annual turnover and the type of data breach.

### Classify Severity Tier
Determines the regulatory tier of an infringement, giving a clear view of its compliance risk level.

### List Regulatory Factors
Provides a reference list of all legal factors that can increase or decrease potential fines (e.g., intentionality, data sensitivity).

## Use Cases

### Assessing a Major Incident
A company just suffered a large-scale data leak involving sensitive personal records. Instead of waiting days for legal review, the DPO uses the MCP to run `calculate_fine_range` with the high turnover figures and 'sensitive data' violation type. The agent returns an immediate estimate (e.g., €X to €Y million) and identifies aggravating factors like 'large scale processing', allowing the crisis team to immediately draft communications addressing the core risk.

### Pre-Deployment Risk Audit
A product team is building a new feature that handles health data. The legal counsel uses the MCP's `classify_infringement_severity` tool on potential 'monitoring failure' scenarios before coding starts. This confirms the system needs to meet 'High Tier' standards, preventing costly rework later.

### Client Due Diligence
A consulting firm is vetting a client that handles payment data. They use the MCP to check potential fine penalties based on historical compliance gaps. By calling `list_regulatory_factors`, they provide the client with an immediate, objective risk report detailing exactly where their current practices fall short.

### Internal Policy Update
The internal audit team needs to update policies for employee training. They use the MCP's tools to model three different violation types (e.g., 'lack of consent', 'data retention breach'). This provides concrete, numerical examples during training, making compliance rules much easier for staff to grasp.

## Benefits

- Move beyond guesswork. Use `calculate_fine_range` to replace vague estimates with specific, banded financial predictions based on actual company revenue and violation type.
- Prioritize resources correctly. The MCP doesn't just flag a problem; it uses `classify_infringement_severity` to tell you if the issue is Low, Medium, or High risk, letting your team focus where it matters most.
- Understand the 'why'. Instead of getting a single number, the tool references factors via `list_regulatory_factors`, showing exactly which legal elements increased or decreased the potential fine.
- Speed up post-breach response. When an incident happens, you get an immediate classification and estimate—skipping days of manual cross-referencing between GDPR articles and financial records.
- Train teams effectively. Use the MCP to run educational simulations for employees on different violation types, making compliance training specific and actionable.

## How It Works

The bottom line is that you get an immediate, data-driven estimate of financial risk associated with GDPR non-compliance.

1. You provide your agent with the core details: the company's annual turnover and a description of the suspected violation.
2. The MCP runs the input through multiple models to calculate the fine range, classify the severity tier, and check for relevant aggravating or mitigating factors.
3. Your agent receives a comprehensive report showing estimated fine bands, the regulatory classification, and specific legal justifications.

## Frequently Asked Questions

**How does the EU GDPR Fine Estimator MCP calculate fine ranges?**
It calculates fines using your company's annual turnover data combined with the specific violation type. This provides a banded estimate, showing minimum and maximum potential penalties.

**Can I use classify_infringement_severity for non-GDPR breaches?**
No. This MCP is built specifically around EU GDPR standards. It uses `classify_infringement_severity` to assign a regulatory tier that aligns with European data protection law.

**What if I don't know the company's turnover?**
The MCP requires annual turnover for an accurate estimate via `calculate_fine_range`. While it can still classify severity, you won't get a reliable financial range without that input.

**Does list_regulatory_factors cover all potential fines?**
It provides a reference for supported legal factors like intentional nature and previous infringements. It helps explain the variables that influence, but do not define, the final fine amount.