Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-07-02 ARCONADA 1932, S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €900
2025-06-30 L. Zamenhof University Children's Clinical Hospital in Białystok
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 32 €15,600
2025-06-30 L. Zamenhof University Children's Clinical Hospital in Białystok
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 32 €15,600
2025-06-26 SIDECU, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 9Art. 13Art. 35 €96,000
2025-06-26 SIDECU, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 9Art. 13Art. 35 €96,000
2025-06-26 Alliance for the Union of Romanians Party
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 25Art. 32 €25,000
2025-06-26 Alliance for the Union of Romanians Party
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 25Art. 32 €25,000
2025-06-26 SC Piramida Trade Invest SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €3,000
2025-06-26 Selgros Cash & Carry SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 SC Tremend Software Consulting SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 Selgros Cash & Carry SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 SC Tremend Software Consulting SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 SC Piramida Trade Invest SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €3,000
2025-06-25 Vodafone – PANAFON A.E.E.T.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 28 €550,000
2025-06-25 Vodafone – PANAFON A.E.E.T.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 28 €550,000
2025-06-25 KARAMBELAS KONSTANTINOS & CO. E.E.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 29Art. 32 €40,000
2025-06-25 KARAMBELAS KONSTANTINOS & CO. E.E.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 29Art. 32 €40,000
2025-06-24 Birthlink
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €20,725
2025-06-24 Birthlink
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €20,725
2025-06-24 Shield of David - K.I.D.A.F.
Non-compliance with general data processing principles
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 12Art. 13Art. 15 €10,000
2025-06-24 Shield of David - K.I.D.A.F.
Non-compliance with general data processing principles
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 12Art. 13Art. 15 €10,000
2025-06-24 General Hospital of the University of Larissa
Insufficient fulfilment of data subjects rights
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 14Art. 15 €7,000
2025-06-24 General Hospital of the University of Larissa
Insufficient fulfilment of data subjects rights
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 14Art. 15 €7,000
2025-06-23 City of Dublin Education and Training Board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32Art. 33Art. 34 €125,000
2025-06-23 City of Dublin Education and Training Board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32Art. 33Art. 34 €125,000