Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-10-09 EON ENERGIE ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2025-10-09 EON ENERGIE ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2025-10-09 Order of Nursing Professions of Pisa
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €16,000
2025-10-09 Order of Nursing Professions of Pisa
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €16,000
2025-10-09 Municipality of Moschato–Tavros
Insufficient legal basis for data processing
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 12Art. 13Art. 25 €10,000
2025-10-09 Municipality of Moschato–Tavros
Insufficient legal basis for data processing
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 12Art. 13Art. 25 €10,000
2025-10-09 Interprovincial Order of Medical Radiology Technicians and Technical Health Professions in Rehabilitation and Prevention of AQ - CH - PE - TE
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 37 €6,000
2025-10-09 Interprovincial Order of Medical Radiology Technicians and Technical Health Professions in Rehabilitation and Prevention of AQ - CH - PE - TE
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 37 €6,000
2025-10-09 FT Solutions S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €5,000
2025-10-09 FT Solutions S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €5,000
2025-10-03 THE RED KIWI, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2025-10-03 THE RED KIWI, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2025-09-30 Company
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hamburg (HmbBfDI) €492,000
2025-09-30 Company
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hamburg (HmbBfDI) €492,000
2025-09-30 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Authority of Hamburg (HmbBfDI) €195,000
2025-09-30 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Authority of Hamburg (HmbBfDI) €195,000
2025-09-29 Owner of a Tesla Car
Non-compliance with general data processing principles
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 6Art. 12Art. 13 €600
2025-09-29 Owner of a Tesla Car
Non-compliance with general data processing principles
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 6Art. 12Art. 13 €600
2025-09-25 E-Power S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €35,000
2025-09-25 E-Power S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €35,000
2025-09-25 Provincia Autonoma di Bolzano
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €32,000
2025-09-25 Provincia Autonoma di Bolzano
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €32,000
2025-09-25 S.C. PRIMONET RO S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-09-25 S.C. PRIMONET RO S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-09-25 Vimar S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13 €15,000