Skip to content

GDPR enforcement in 2025

718 decisions · €1.2B total fines · ← 2024 · 2026 →

Date ↓ Company / party Authority Articles Fine
2025-08-22 GRUPO BONATEL SL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €18,000
2025-08-22 BANCO INVERSIS, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €6,000
2025-08-22 BANCO INVERSIS, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €6,000
2025-08-18 SC Elite Conta SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-18 SC Elite Conta SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-14 WORLD 2 MEET, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €42,000
2025-08-14 WORLD 2 MEET, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €42,000
2025-08-13 Sole Trader
Insufficient cooperation with supervisory authority
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 31 €500
2025-08-12 REAL SOCIEDAD DE FUTBOL S.A.D.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €66,000
2025-08-12 REAL SOCIEDAD DE FUTBOL S.A.D.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €66,000
2025-08-12 GACM SEGUROS GENERALES, COMPAÑIA DE SEGUROS Y REASEGUROS S.A.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €4,800
2025-08-12 GACM SEGUROS GENERALES, COMPAÑIA DE SEGUROS Y REASEGUROS S.A.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €4,800
2025-08-12 'FLEXICREDIT' Mutual Aid House Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-12 'FLEXICREDIT' Mutual Aid House Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-12 REAL FEDERACIÓN ESPAÑOLA DE TENIS DE MESA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,600
2025-08-12 REAL FEDERACIÓN ESPAÑOLA DE TENIS DE MESA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,600
2025-08-11 BIZUM, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €80,000
2025-08-11 BIZUM, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €80,000
2025-08-06 Media Company
Insufficient cooperation with supervisory authority
🇪🇺 Austrian Data Protection Authority (dsb) Art. 58 €6,200
2025-08-06 Media Company
Insufficient cooperation with supervisory authority
🇪🇺 Austrian Data Protection Authority (dsb) Art. 58 €6,200
2025-08-05 Bank of Cyprus Public Company Limited
Insufficient technical and organisational measures to ensure information security
🇨🇾 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €25,000
2025-08-05 Order of Biochemists, Biologists and Chemists in the Romanian Health System
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000
2025-08-05 Order of Biochemists, Biologists and Chemists in the Romanian Health System
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000