Lynx Assurance

What's your security risk worth?

Estimate potential regulatory penalties by region and sector. Based on current law (GDPR, UK GDPR, CCPA, VCDPA, CPA, HIPAA, LGPD, PDPA, APPI, and more). For awareness only — not legal advice.

Important disclaimer

  • Estimates only. All penalty figures shown are illustrative estimates based on current public law and regulator guidance. They are not predictions of actual fines or enforcement outcomes.
  • Sales and awareness tool. This calculator is intended to help you understand the scale of regulatory risk and the value of assurance. It is not a compliance or legal analysis tool.
  • Actual penalties depend on the specific facts, jurisdiction, regulator discretion, cooperation, prior history, and many other factors. Real outcomes can be higher or lower.
  • Not legal advice. This tool does not constitute legal, compliance, or professional advice. For decisions about your organisation, consult qualified legal or compliance advisers.

Laws by region

  • European Union (EEA): Up to €20M or 4% of global annual turnover (whichever is higher) for substantive violations.
  • United Kingdom: Up to £17.5M or 4% of total worldwide annual turnover for serious breaches.
  • California, USA: Statutory damages $107–$799 per consumer per incident; administrative fines $2,663–$7,988 per violation.
  • United States (Healthcare): Tiered penalties per violation. Tier 4 (willful neglect): $71,162–$2,134,831 per violation, annual cap $2.13M.
  • Australia: Serious violations: greater of AUD $50M, 30% of turnover during breach period, or 3× benefit obtained.
  • Canada: Up to CAD $100,000 per violation for private-sector organizations.
  • Brazil: Up to 2% of revenue in Brazil (max BRL 50M per violation); daily fines until compliance.
  • Virginia, USA: Up to $2,500 per unintentional violation, $7,500 per intentional violation. 30-day cure period.
  • Colorado, USA: $2,000–$20,000 per violation; total cap $500,000. 60-day cure period.
  • Singapore: Fines up to SGD 1M for certain violations. PDPC may impose financial penalties based on impact.
  • Japan: Monetary penalties for violations; amounts set by Personal Information Protection Commission.

Get assured

Tell us about your project and we'll be in touch within 1-2 business days.

Clear deliverables, defined timelines, and senior accountability. Book a call to discuss your assurance needs.