Skip to content

GDPR enforcement in 2026

156 decisions · €267.1M total fines · ← 2025

Date ↓ Company / party Authority Articles Fine
2026-02-03 Alliance for the Union of Romanians (AUR) Party
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 17Art. 21 €1,000
2026-01-30 Natural Person
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 9Art. 10 €10,000
2026-01-30 Hungarian University of Agriculture and Life Sciences
Insufficient legal basis for data processing
🇭🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 6Art. 13 €4,200
2026-01-29 Università Telematica e-Campus
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 25 €50,000
2026-01-29 Ministero della Cultura
Non-compliance with general data processing principles
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €12,000
2026-01-29 Istituto San Giuseppe La Salle di Milano
Non-compliance with general data processing principles
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €12,000
2026-01-29 Istituto tecnico industriale statale “Stanislao Cannizzaro” di Catania
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €10,000
2026-01-29 Dr. Paolo Montemurro
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 9 €5,000
2026-01-29 Federazione Nazionale Ordini Professioni Infermieristiche (FNOPI)
Insufficient legal basis for data processing
🇮🇹 Italian Data Protection Authority (Garante) Art. 5Art. 6 €2,000
2026-01-26 Sportadmin i Skandinavien AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €565,000
2026-01-22 FRANCE TRAVAIL
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €5,000,000
2026-01-20 Slovenia DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 25 €4,850
2026-01-19 Continental Automotive Products SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 32 €15,000
2026-01-19 Continental Automotive Products SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 32 €15,000
2026-01-19 Dental Clinic
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,200
2026-01-16 Timegrip AS
Insufficient fulfilment of data subjects rights
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 15 €21,650
2026-01-13 PREMIER RESTAURANTS ROMANIA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 28Art. 32 €8,000
2026-01-13 PREMIER RESTAURANTS ROMANIA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 28Art. 32 €8,000
2026-01-10 KVIKU SPAIN, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €8,000
2026-01-10 VOX ESPAÑA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €500
2026-01-09 Komendanta Miejskiego Policji w Krakowie
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) €18,500
2026-01-09 Komendanta Miejskiego Policji w Krakowie
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) €18,500
2026-01-08 FREE MOBILE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 32 €27,000,000
2026-01-08 FREE MOBILE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 32 €27,000,000
2026-01-08 FREE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32Art. 34 €15,000,000