What is a typical GDPR fine for small websites?

For small and medium-sized website operators, fines typically range from €5,000 to €100,000, depending on the type and duration of the breach. A common case: a missing or inadequate privacy policy usually results in lower fines (€5,000–€20,000), whereas unlawful tracking cookies typically cost €30,000–€100,000. The average fine imposed in the EU is around €2.28 million – this average is driven upward by large corporations. For SMEs, this means: if you respond quickly and fix errors, you often stay below this average. Authorities consider company size and willingness to cooperate when determining penalties.