▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-04-29 | Energia Verde S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
| 2025-04-29 | Regione Lombardia Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 25Art. 28 | €50,000 |
| 2025-04-29 | Regione Lombardia Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 25Art. 28 | €50,000 |
| 2025-04-29 | MA Immobiliare S.r.l.s. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €40,000 |
| 2025-04-29 | MA Immobiliare S.r.l.s. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €40,000 |
| 2025-04-29 | Municipality of Bologna Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €40,000 |
| 2025-04-29 | Municipality of Bologna Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €40,000 |
| 2025-04-29 | Ordine degli psicologi della Lombardia Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2025-04-29 | Ordine degli psicologi della Lombardia Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2025-04-29 | Cooperativa Sociale Quadrifoglio Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 32 | €20,000 |
| 2025-04-29 | Cooperativa Sociale Quadrifoglio Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 32 | €20,000 |
| 2025-04-29 | Versilmagra Immobiliare di Robertelli Davide & C. S.a.s. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €2,000 |
| 2025-04-29 | Versilmagra Immobiliare di Robertelli Davide & C. S.a.s. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €2,000 |
| 2025-04-29 | Tirrenia Hospital S.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €2,000 |
| 2025-04-29 | Tirrenia Hospital S.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €2,000 |
| 2025-04-29 | Municipality of San Francesco al Campo Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €1,200 |
| 2025-04-29 | Municipality of San Francesco al Campo Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €1,200 |
| 2025-04-28 | Xiting ROM SRL Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15 | €1,000 |
| 2025-04-28 | Xiting ROM SRL Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15 | €1,000 |
| 2025-04-25 | SC Travel Planner SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 32Art. 33 | €6,000 |
| 2025-04-25 | SC Travel Planner SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 32Art. 33 | €6,000 |
| 2025-04-25 | Sole Trader Insufficient legal basis for data processing | 🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 5 | €1,000 |
| 2025-04-24 | Dante International SA Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 17Art. 19 | €10,000 |
| 2025-04-24 | Dante International SA Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 17Art. 19 | €10,000 |
| 2025-04-24 | Real Estate Agency Insufficient cooperation with supervisory authority | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 17Art. 21 | €6,000 |