▲ Enforcement Tracker
3,488 GDPR enforcement decisions from 52 countries, updated daily.
Total fines · last 12 months
€1.3B
+875% vs previous year
Decisions · last 12 months
531
44 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2019-10-31 | UWV (Dutch employee insurance service provider) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €900,000 |
| 2019-10-31 | Menzis (Health Insurance Company) Non-compliance with general data processing principles | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5 | €50,000 |
| 2019-10-31 | Jocker Premium Invex Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €6,000 |
| 2019-10-30 | Deutsche Wohnen SE Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Berlin | Art. 5 | — |
| 2019-10-29 | Austrian Post Insufficient legal basis for data processing | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 6 | €16,000,000 |
| 2019-10-28 | Employer Insufficient fulfilment of data subjects rights | 🇪🇺 Commission for Personal Data Protection (KZLD) | Art. 12Art. 15 | €511 |
| 2019-10-25 | LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd Insufficient legal basis for data processing | 🇪🇺 Cypriot Data Protection Commissioner | Art. 6Art. 9 | €70,000 |
| 2019-10-25 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €36,000 |
| 2019-10-25 | LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd Insufficient legal basis for data processing | 🇪🇺 Cypriot Data Protection Commissioner | Art. 6Art. 9 | €10,000 |
| 2019-10-25 | LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd Insufficient legal basis for data processing | 🇪🇺 Cypriot Data Protection Commissioner | Art. 6Art. 9 | €2,000 |
| 2019-10-24 | Food company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Baden-Wuerttemberg | Art. 5Art. 32 | €100,000 |
| 2019-10-24 | Military Hospital Insufficient fulfilment of data breach notification obligations | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 32Art. 33 | €7,400 |
| 2019-10-23 | Vodafone España, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €60,000 |
| 2019-10-18 | Wind Hellas Telecommunications Insufficient fulfilment of data subjects rights | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 21 | €20,000 |
| 2019-10-18 | Major of Aleksandrów Kujawski Insufficient data processing agreement | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 28 | €9,380 |
| 2019-10-17 | UTTIS INDUSTRIES SRL Insufficient fulfilment of information obligations | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 5Art. 6 | €2,500 |
| 2019-10-16 | Xfera Moviles S.A. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €60,000 |
| 2019-10-16 | ClickQuickNow Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5 | €47,000 |
| 2019-10-16 | Iberdrola Clientes Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 31 | €8,000 |
| 2019-10-15 | Unknown Company Non-compliance with general data processing principles | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 6Art. 13Art. 24 | €2,860 |
| 2019-10-09 | Vreau Credit SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €20,000 |
| 2019-10-09 | Raiffeisen Bank SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €15,000 |
| 2019-10-08 | The Ministry of Interior Affairs Insufficient legal basis for data processing | 🇪🇺 Commission for Personal Data Protection (KZLD) | Art. 5Art. 6 | €5,112 |
| 2019-10-08 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 21 | €400 |
| 2019-10-07 | Telecommunication Service Provider Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25 | €200,000 |