How to use the violation database and Forensic Risk Anchor

APR 2026 · GUIDE

The violation database contains every known Dutch privacy and accessibility violation, linked to penalty frameworks and primary sources. The Forensic Risk Anchor (the calculator in the right sidebar on desktop, bottom tray on mobile) translates those violations into a conservative estimate of maximum financial exposure. Below is a step-by-step walkthrough.

1) Searching the ledger

The search field at the top filters on free text: legal articles, keywords, or penalty frameworks. Try Art. 13 GDPR, cookie consent, or accessibility.

• Regime — filters by legal framework (GDPR, Telecommunicatiewet, EAA, Wft).
• Regulator — shows violations from a specific authority (AP, ACM, AFM).
• Risk level — Low / Medium / High, derived from penalty ceilings and enforcement frequency.
• Category — Privacy, Accessibility, etc.

Filters stack. The ledger adjusts the result count and breadcrumb chips. The calculator responds too: filtering for "Accessibility" moves the EAA card to the top.

2) Reading a violation card

Each card has three columns (on desktop):

• Left — risk badge, title, category tags, and a short penalty summary.
• Center — legal basis (statute articles) and example cases with source links.
• Right — penalty frameworks with ceilings, and primary source links (wetten.overheid.nl, EUR-Lex).

The blurred block is the expert layer: technical remediation advice available with a pro account.

3) The Forensic Risk Anchor

The calculator estimates maximum financial exposure per penalty framework. It compares two types of ceiling: a fixed euro amount and a percentage of annual turnover.

4) Choosing entity mode

Select SME or Enterprise. The difference is in the contextual notes per scenario: for SMEs the fixed ceiling often dominates until turnover scales materially, while for enterprises the turnover component can outrun the cap quickly. The default is Enterprise.

5) Entering turnover (optional)

The turnover field is deliberately optional. Leave it empty and the calculator shows only the fixed ceilings (e.g. €20,000,000 for GDPR Tier 2, €900,000 for ACM Cookie Consent). Enter your worldwide annual turnover and it calculates the turnover percentage (e.g. 4% of turnover) and displays whichever is higher.

6) Understanding scenarios

• GDPR Tier 1 — max(€10M, 2% turnover). Data subject rights, records of processing, etc.
• GDPR Tier 2 — max(€20M, 4% turnover). Core principles, lawfulness, international transfers.
• ACM Cookie Consent — max(€900,000, 1% turnover). Telecommunicatiewet art. 11.7a / 15.4.
• EAA Telecom Accessibility — max(€900,000, 1% turnover). European Accessibility Act via Tw.
• EAA Banking Services — €1,000,000 fixed ceiling. Wft art. 1:81 with potential sector uplifts.
• Others — Public sector, e-commerce, media, products, transport: the ledger lists the regime but the dataset does not yet provide a standardized amount.

7) Mobile: the Risk Tray

On mobile and tablet a bottom bar shows MAX RISK EXPOSURE and the amount. Tap it to expand the full calculator. The bar updates automatically when you change filters or inputs.

Sources

• GDPR (EU) 2016/679 — EUR-Lex
• Telecommunicatiewet (BWBR0009950) — wetten.overheid.nl
• European Accessibility Act (EU) 2019/882 — EUR-Lex
• ACM — Cookies plaatsen