Skip to content

GDPR enforcement in 2025

718 decisions · €1.2B total fines · ← 2024 · 2026 →

Date ↓ Company / party Authority Articles Fine
2025-11-27 AMERICAN EXPRESS CARTE FRANCE
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €1,500,000
2025-11-27 Verisure Italy s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 7Art. 12Art. 13 €400,000
2025-11-27 Verisure Italy s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 7Art. 12Art. 13 €400,000
2025-11-27 Aimag S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €300,000
2025-11-27 Aimag S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €300,000
2025-11-27 Infobel
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 24 €40,000
2025-11-27 Infobel
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 24 €40,000
2025-11-27 Nițu A. Cleopatra – Expert Accountant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-11-27 Nițu A. Cleopatra – Expert Accountant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-11-26 Legal Entity
Insufficient legal basis for data processing
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 5Art. 6 €6,600
2025-11-26 Cucina di Fabio S.R.L.
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 15Art. 17Art. 25 €3,000
2025-11-26 Cucina di Fabio S.R.L.
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 15Art. 17Art. 25 €3,000
2025-11-24 Telecommunications operator (operator of electronic communications networks and services)
Non-compliance with general data processing principles
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 13 €4,500,000
2025-11-24 Telecommunications operator (operator of electronic communications networks and services)
Non-compliance with general data processing principles
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 13 €4,500,000
2025-11-23 ACTIVOS INTELIGENTES, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €5,000
2025-11-23 ACTIVOS INTELIGENTES, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €5,000
2025-11-21 IDCQ HOSPITALES Y SANIDAD, S.L.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 9Art. 25 €1,200,000
2025-11-21 Legal Entity
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €16,650
2025-11-20 LastPass UK Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €1,400,000
2025-11-20 LastPass UK Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €1,400,000
2025-11-20 LES PUBLICATIONS CONDE NAST
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €750,000
2025-11-20 LES PUBLICATIONS CONDE NAST
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €750,000
2025-11-19 STRATESYS TECHNOLOGY SOLUTIONS, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €60,000
2025-11-19 STRATESYS TECHNOLOGY SOLUTIONS, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €60,000
2025-11-19 Greencorp S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000