Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-08-06 Media Company
Insufficient cooperation with supervisory authority
🇪🇺 Austrian Data Protection Authority (dsb) Art. 58 €6,200
2025-08-05 Bank of Cyprus Public Company Limited
Insufficient technical and organisational measures to ensure information security
🇨🇾 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €25,000
2025-08-05 Order of Biochemists, Biologists and Chemists in the Romanian Health System
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000
2025-08-05 Order of Biochemists, Biologists and Chemists in the Romanian Health System
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000
2025-08-04 Comune di Venezia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 32 €10,000
2025-08-04 Comune di Venezia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 32 €10,000
2025-08-04 Non-Public Health Care Institution
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €7,700
2025-08-04 Non-Public Health Care Institution
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €7,700
2025-08-04 Linea Stampalibera Società Cooperativa r.I.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €2,000
2025-08-04 Linea Stampalibera Società Cooperativa r.I.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €2,000
2025-08-04 Police Officer
Insufficient legal basis for data processing
🇪🇺 Information Commissioner (ICO) €230
2025-08-04 Police Officer
Insufficient legal basis for data processing
🇪🇺 Information Commissioner (ICO) €230
2025-07-29 Legal Entity
Insufficient legal basis for data processing
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 5Art. 6 €11,614
2025-07-28 Entrepreneur
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 58 €4,400
2025-07-28 Entrepreneur
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 58 €4,400
2025-07-25 Legal Entity
Insufficient data processing agreement
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 28 €5,810
2025-07-25 Legal Entity
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €5,020
2025-07-24 Debt Collector
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 6Art. 17 €26,400
2025-07-23 SATI S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €10,000
2025-07-23 SATI S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €10,000
2025-07-23 Order of Nursing Professions of Viterbo
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2025-07-23 Order of Nursing Professions of Viterbo
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2025-07-23 Agricola International SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000