GDPR enforcement in 2026
156 decisions · €267.1M total fines · ← 2025
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-01-08 | FREE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32Art. 34 | €15,000,000 |
| 2026-01-08 | Headquarter of a Fire Brigade Insufficient legal basis for data processing | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5 | €10,000 |
| 2026-01-08 | Money Seeds S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 14 | €2,000 |
| 2026-01-08 | Money Seeds S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 14 | €2,000 |
| 2026-01-06 | Sole Trader Non-compliance with general data processing principles | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 5 | €5,000 |
| 2026-01-02 | Polish Postal Service Lack of appointment of data protection officer | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 38 | €232,379 |
← previous 151–156 of 156