Skip to content

GDPR enforcement in 2026

156 decisions · €267.1M total fines · ← 2025

Date ↓ Company / party Authority Articles Fine
2026-04-17 Comune di Campo Calabro
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6 €6,000
2026-04-17 Framos Italia s.r.l.
Non-compliance with general data processing principles
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €5,000
2026-04-17 Business Owner
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 32 €2,000
2026-04-17 Io e te s.r.l.s.
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 88 €2,000
2026-04-15 Utility Company
Insufficient legal basis for data processing
🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 5 €6,600
2026-04-07 Housing Associaction
Insufficient fulfilment of data breach notification obligations
🇵🇱 Polish National Personal Data Protection Office (UODO) Art. 33 €2,350
2026-04-03 BLUE PROJECTS S.R.L.
Insufficient technical and organisational measures to ensure information security
🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,500
2026-04-01 Ridetech International B.V.
Insufficient legal basis for data processing
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 44Art. 46 €100,000,000
2026-03-27 Legal Person
Insufficient technical and organisational measures to ensure information security
🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €13,491
2026-03-26 Intesa Sanpaolo S.p.A.
Insufficient technical and organisational measures to ensure information security
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 24Art. 32Art. 34 €31,800,000
2026-03-26 Eni S.p.A.
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6 €96,000
2026-03-26 Municipality
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €5,000
2026-03-26 Esselunga S.p.A.
Insufficient fulfilment of data subjects rights
🇮🇹 Italian Data Protection Authority (Garante) Art. 12Art. 15 €5,000
2026-03-26 Piacenza Bar Association
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6 €3,000
2026-03-26 Municipality
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €3,000
2026-03-26 Comune di Cassino
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6 €2,500
2026-03-26 Physician
Insufficient fulfilment of data subjects rights
🇮🇹 Italian Data Protection Authority (Garante) Art. 13 €2,000
2026-03-26 Business Owner
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 88 €2,000
2026-03-26 Copacabana s.r.l.
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 88 €2,000
2026-03-26 Euro Bangla Minimarket in Jesi
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 88 €1,000
2026-03-25 RENAULT COMMERCIAL ROUMANIE S.R.L.
Insufficient technical and organisational measures to ensure information security
🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 28Art. 32 €125,000
2026-03-24 Advertising Agency
Insufficient legal basis for data processing
🇦🇹 Austrian Data Protection Authority (dsb) Art. 5Art. 6Art. 13 €6,300
2026-03-23 ING Bank NV Amsterdam – Sucursala București S.A.
Insufficient technical and organisational measures to ensure information security
🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €4,000
2026-03-20 Domeniul Public și Privat SA
Insufficient legal basis for data processing
🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 13 €3,000
2026-03-20 Public and Private Domain SA
Insufficient legal basis for data processing
🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 13 €3,000