GDPR enforcement in 2025
718 decisions · €1.2B total fines · ← 2024 · 2026 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-01-17 | CAJA RURAL NTRA. SRA. DEL
ROSARIO Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €10,000 |
| 2025-01-17 | CAJA RURAL NTRA
MADRE DEL SOL S.C.A.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | CAJA RURAL NTRA. SRA. DEL ROSARIO Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | CAJA RURAL DE
BAENA NTRA. SRA. DE GUADALUPE, S.C.C.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | DELIVERY SOLUTIONS S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-01-16 | CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €400,000 |
| 2025-01-16 | Realmaps S.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
| 2025-01-16 | CAJA RURAL CENTRAL, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €72,000 |
| 2025-01-16 | San Pio Hospital in Benevento Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €6,000 |
| 2025-01-16 | Municipality of Cori Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 6 | €2,000 |
| 2025-01-16 | Alessandro Volta Classical and Scientific High School in Como Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €2,000 |
| 2025-01-16 | Macelleria La Costata s.r.I.s Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13 | €1,500 |
| 2025-01-16 | Pro Loco Tourist Association of Cittareale Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €600 |
| 2025-01-16 | BAR GIOIA Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €600 |
| 2025-01-10 | National Bank of Greece S.A Insufficient technical and organisational measures to ensure information security | 🇬🇷 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 15Art. 25Art. 32 | €120,000 |
| 2025-01-10 | Asper Biogene OÜ Insufficient technical and organisational measures to ensure information security | 🇪🇺 Estonian Data Protection Authority (AKI) | €0 | |
| 2025-01-06 | Credit Institution Insufficient fulfilment of data subjects rights | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 12 | €175,000 |
| 2025-01-03 | Unirea Medical Center S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €2,000 |
← previous 701–718 of 718