Skip to content

GDPR enforcement in 2025

718 decisions · €1.2B total fines · ← 2024 · 2026 →

Date ↓ Company / party Authority Articles Fine
2025-11-19 Greencorp S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-11-19 ASOCIACIÓN NACIONAL DE TASADORES Y PERITOS JUDICIALES INFORMÁTICOS
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 17 €2,000
2025-11-19 ASOCIACIÓN NACIONAL DE TASADORES Y PERITOS JUDICIALES INFORMÁTICOS
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 17 €2,000
2025-11-19 SOBLADA RESTAURACIÓN, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €800
2025-11-19 SOBLADA RESTAURACIÓN, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €800
2025-11-18 Journalist
Insufficient legal basis for data processing
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 6 €80
2025-11-18 Journalist
Insufficient legal basis for data processing
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 6 €80
2025-11-17 PGS SOFA & CO SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €8,000
2025-11-17 PGS SOFA & CO SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €8,000
2025-11-15 Powiatowego Inspektora Sanitarnego w Policach
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €4,750
2025-11-15 Powiatowego Inspektora Sanitarnego w Policach
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €4,750
2025-11-14 AXARQUIA VELEZ DENTAL, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €2,400
2025-11-14 AXARQUIA VELEZ DENTAL, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €2,400
2025-11-13 Quarantadue S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €40,000
2025-11-13 Quarantadue S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €40,000
2025-11-13 Comune di Orte
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €6,000
2025-11-13 Comune di Orte
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €6,000
2025-11-12 Fan Courier Express S.R.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €4,000
2025-11-12 Fan Courier Express S.R.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €4,000
2025-11-10 Whitedecor SRL
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 7Art. 12Art. 15 €2,000
2025-11-10 Whitedecor SRL
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 7Art. 12Art. 15 €2,000
2025-11-07 Klass Wagen S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €7,000
2025-11-07 Klass Wagen S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €7,000
2025-11-07 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 12Art. 15 €1,000
2025-11-07 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 12Art. 15 €1,000