▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-07-02 | ARCONADA 1932, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €900 |
| 2025-06-30 | L. Zamenhof University Children's Clinical Hospital in Białystok Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 32 | €15,600 |
| 2025-06-30 | L. Zamenhof University Children's Clinical Hospital in Białystok Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 32 | €15,600 |
| 2025-06-26 | SIDECU, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 9Art. 13Art. 35 | €96,000 |
| 2025-06-26 | SIDECU, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 9Art. 13Art. 35 | €96,000 |
| 2025-06-26 | Alliance for the Union of Romanians Party Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 25Art. 32 | €25,000 |
| 2025-06-26 | Alliance for the Union of Romanians Party Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 25Art. 32 | €25,000 |
| 2025-06-26 | SC Piramida Trade Invest SRL Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €3,000 |
| 2025-06-26 | Selgros Cash & Carry SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | SC Tremend Software Consulting SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | Selgros Cash & Carry SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | SC Tremend Software Consulting SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | SC Piramida Trade Invest SRL Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €3,000 |
| 2025-06-25 | Vodafone – PANAFON A.E.E.T. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 28 | €550,000 |
| 2025-06-25 | Vodafone – PANAFON A.E.E.T. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 28 | €550,000 |
| 2025-06-25 | KARAMBELAS KONSTANTINOS & CO. E.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 29Art. 32 | €40,000 |
| 2025-06-25 | KARAMBELAS KONSTANTINOS & CO. E.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 29Art. 32 | €40,000 |
| 2025-06-24 | Birthlink Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €20,725 |
| 2025-06-24 | Birthlink Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €20,725 |
| 2025-06-24 | Shield of David - K.I.D.A.F. Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 12Art. 13Art. 15 | €10,000 |
| 2025-06-24 | Shield of David - K.I.D.A.F. Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 12Art. 13Art. 15 | €10,000 |
| 2025-06-24 | General Hospital of the University of Larissa Insufficient fulfilment of data subjects rights | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 14Art. 15 | €7,000 |
| 2025-06-24 | General Hospital of the University of Larissa Insufficient fulfilment of data subjects rights | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 14Art. 15 | €7,000 |
| 2025-06-23 | City of Dublin Education and Training Board Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33Art. 34 | €125,000 |
| 2025-06-23 | City of Dublin Education and Training Board Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33Art. 34 | €125,000 |