▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-04-17 | Comune di Campo Calabro Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €6,000 |
| 2026-04-17 | Framos Italia s.r.l. Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €5,000 |
| 2026-04-17 | Io e te s.r.l.s. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 88 | €2,000 |
| 2026-04-17 | Business Owner Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 32 | €2,000 |
| 2026-04-15 | Utility Company Insufficient legal basis for data processing | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 5 | €6,600 |
| 2026-04-07 | Housing Associaction Insufficient fulfilment of data breach notification obligations | 🇵🇱 Polish National Personal Data Protection Office (UODO) | Art. 33 | €2,350 |
| 2026-04-03 | BLUE PROJECTS S.R.L. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,500 |
| 2026-04-01 | Ridetech International B.V. Insufficient legal basis for data processing | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 44Art. 46 | €100,000,000 |
| 2026-03-27 | Legal Person Insufficient technical and organisational measures to ensure information security | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 32 | €13,491 |
| 2026-03-26 | Intesa Sanpaolo S.p.A. Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 24Art. 32Art. 34 | €31,800,000 |
| 2026-03-26 | Eni S.p.A. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €96,000 |
| 2026-03-26 | Esselunga S.p.A. Insufficient fulfilment of data subjects rights | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €5,000 |
| 2026-03-26 | Municipality Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €5,000 |
| 2026-03-26 | Municipality Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €3,000 |
| 2026-03-26 | Piacenza Bar Association Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €3,000 |
| 2026-03-26 | Comune di Cassino Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €2,500 |
| 2026-03-26 | Physician Insufficient fulfilment of data subjects rights | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 13 | €2,000 |
| 2026-03-26 | Copacabana s.r.l. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 88 | €2,000 |
| 2026-03-26 | Business Owner Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 88 | €2,000 |
| 2026-03-26 | Euro Bangla Minimarket in Jesi Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 88 | €1,000 |
| 2026-03-25 | RENAULT COMMERCIAL ROUMANIE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 28Art. 32 | €125,000 |
| 2026-03-24 | Advertising Agency Insufficient legal basis for data processing | 🇦🇹 Austrian Data Protection Authority (dsb) | Art. 5Art. 6Art. 13 | €6,300 |
| 2026-03-23 | ING Bank NV Amsterdam – Sucursala București S.A. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €4,000 |
| 2026-03-20 | Public and Private Domain SA Insufficient legal basis for data processing | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 13 | €3,000 |
| 2026-03-20 | Domeniul Public și Privat SA Insufficient legal basis for data processing | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 13 | €3,000 |