Skip to content

Enforcement Tracker

3,488 GDPR enforcement decisions from 52 countries, updated daily.

Total fines · last 12 months
€1.3B
+875% vs previous year
Decisions · last 12 months
531
44 per month avg
Largest · last 90 days
€6.6M
Most active authority
110 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2021-07-05 Higher Education Institution
Non-compliance with general data processing principles
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 6 €25,000
2021-07-05 Insurance company
Insufficient fulfilment of information obligations
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 14
2021-07-05 IT services company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32
2021-07-02 Private Individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €1,500
2021-07-01 Private Individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €6,000
2021-07-01 SPAIN DPA: Insufficient legal basis for data processing
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €1,000
2021-06-30 Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 33Art. 34 €3,000
2021-06-29 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €12,500
2021-06-24 Magazine publisher
Insufficient legal basis for data processing
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 7Art. 12Art. 21 €8,500
2021-06-22 NORWAY DPA: Insufficient legal basis for data processing
Insufficient legal basis for data processing
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 6Art. 13Art. 17 €24,800
2021-06-22 TNT EXPRESS WORLDWIDE SPAIN, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €10,000
2021-06-21 Storstockholms Lokaltrafik
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 6Art. 13 €1,600,000
2021-06-21 Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A.
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 33Art. 34 €35,300
2021-06-21 UAB VS FITNESS
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 9Art. 13Art. 30 €20,000
2021-06-18 Magyar Telekom Nyrt.
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 6Art. 12Art. 17 €28,400
2021-06-16 Vejle Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €27,000
2021-06-15 Huppuís ehf
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 12Art. 13 €34,000
2021-06-14 BRICO PRIVÉ
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 13Art. 17Art. 32 €500,000
2021-06-14 Inmopiso Zaragoza S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €1,200
2021-06-11 LUXEMBOURG DPA: Insufficient involvement of data protection officer
Insufficient involvement of data protection officer
🇪🇺 National Commission for Data Protection (CNPD) Art. 38Art. 39 €15,000
2021-06-11 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €7,600
2021-06-11 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13Art. 32 €7,200
2021-06-10 Foodinho s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 22Art. 25 €2,600,000
2021-06-10 Aeroporto Guglielmo Marconi di Bologna S.p.a.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 32 €40,000
2021-06-10 aiComply S.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €40,000