▲ Enforcement Tracker
3,488 GDPR enforcement decisions from 52 countries, updated daily.
Total fines · last 12 months
€1.3B
+875% vs previous year
Decisions · last 12 months
531
44 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-02-01 | IDFINANCE Spain, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €3,000 |
| 2021-02-01 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 17 | €80 |
| 2021-01-27 | FRANCE DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €150,000 |
| 2021-01-27 | FRANCE DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €75,000 |
| 2021-01-27 | Azienda USL della Romagna Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €50,000 |
| 2021-01-27 | Azienda Ospedaliero Universitaria Senese Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €50,000 |
| 2021-01-27 | Family Service / N.D.P.K. nv. Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 7Art. 13 | €50,000 |
| 2021-01-27 | Azienda Ospedaliero Universitaria di Parma Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €10,000 |
| 2021-01-27 | City of Rome (Roma capitale) Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 2 | €10,000 |
| 2021-01-22 | BELGIUM DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 24Art. 32Art. 33 | €25,000 |
| 2021-01-21 | Telefónica Móviles España, SAU Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €75,000 |
| 2021-01-21 | Alterna Operador Integral S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €50,000 |
| 2021-01-20 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €26,710 |
| 2021-01-20 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €11,430 |
| 2021-01-20 | Individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,200 |
| 2021-01-19 | Aquateknikk AS Insufficient legal basis for data processing | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 6 | €9,700 |
| 2021-01-19 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 15 | €1,200 |
| 2021-01-15 | Anwara Sp. z.o.o. Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €4,600 |
| 2021-01-14 | Regione Lazio Insufficient data processing agreement | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 28 | €75,000 |
| 2021-01-14 | Coop Finnmark SA Insufficient legal basis for data processing | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 6 | €38,600 |
| 2021-01-14 | Azienda sanitaria provinciale di Enna Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €30,000 |
| 2021-01-14 | Azienda Usl di Bologna Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €18,000 |
| 2021-01-14 | Agenzia regionale protezione ambientale Campania (ARPAC) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €8,000 |
| 2021-01-14 | Poliambulatorio Talenti S.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €2,000 |
| 2021-01-13 | Caixabank S.A. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13Art. 14 | €2,000,000 |