Skip to content

GDPR enforcement in 2025

718 decisions · €1.2B total fines · ← 2024 · 2026 →

Date ↓ Company / party Authority Articles Fine
2025-09-25 Comune di Isola del Gran Sasso
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 10Art. 12 €3,000
2025-09-25 Green.mec. s.r.l.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 13Art. 15 €1,000
2025-09-25 Green.mec. s.r.l.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 13Art. 15 €1,000
2025-09-25 SERVACE S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 6 €840
2025-09-25 SERVACE S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 6 €840
2025-09-23 Property manager
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €600
2025-09-23 Property manager
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €600
2025-09-22 DHL PARCEL IBERIA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €3,000
2025-09-22 DHL PARCEL IBERIA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €3,000
2025-09-18 SAMARITAINE SAS
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 33Art. 38 €100,000
2025-09-18 SAMARITAINE SAS
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 33Art. 38 €100,000
2025-09-18 Dr. Max SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 17 €1,000
2025-09-18 Dr. Max SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 17 €1,000
2025-09-17 SERVICIOS FINANCIEROS CARREFOUR, E.F.C.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500,000
2025-09-17 SERVICIOS FINANCIEROS CARREFOUR, E.F.C.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500,000
2025-09-17 DIGI SPAIN TELECOM, S.L.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €150,000
2025-09-17 DIGI SPAIN TELECOM, S.L.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €150,000
2025-09-12 POLAND DPA: Lack of appointment of data protection officer
Lack of appointment of data protection officer
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 38 €2,670
2025-09-12 POLEN, Autoriteit voor gegevensbescherming: Gebrek aan benoeming van een functionaris voor gegevensbescherming.
Lack of appointment of data protection officer
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 38 €2,670
2025-09-11 Comune di Nichelino
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 16 €18,000
2025-09-11 Comune di Nichelino
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 16 €18,000
2025-09-11 Ministry of the Interior - Department of Firefighters, Public Rescue, and Civil Defense - Provincial Command of Florence
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €12,000
2025-09-11 Casa di Cura Città di Roma
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €12,000
2025-09-11 Casa di Cura Città di Roma
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €12,000
2025-09-11 Ministry of the Interior - Department of Firefighters, Public Rescue, and Civil Defense - Provincial Command of Florence
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €12,000