Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-03-28 GRUAS IGNACI, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13Art. 32 €6,600
2025-03-28 GRUAS IGNACI, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13Art. 32 €6,600
2025-03-28 CREMA GAMES, S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15 €4,000
2025-03-28 CREMA GAMES, S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15 €4,000
2025-03-27 Multiple Companies
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €18,000
2025-03-27 Multiple Companies
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €18,000
2025-03-27 Istituto di Istruzione Superiore 'P. Galluppi' Tropea
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €4,000
2025-03-27 Istituto di Istruzione Superiore 'P. Galluppi' Tropea
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €4,000
2025-03-27 Municipality of Palma di Montechiaro
Lack of appointment of data protection officer
🇪🇺 Italian Data Protection Authority (Garante) Art. 37 €3,000
2025-03-27 Municipality of Palma di Montechiaro
Lack of appointment of data protection officer
🇪🇺 Italian Data Protection Authority (Garante) Art. 37 €3,000
2025-03-26 Advanced Computer Software Group Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €3,500,000
2025-03-26 Advanced Computer Software Group Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €3,500,000
2025-03-25 NTT DATA ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 33 €25,000
2025-03-25 NTT DATA ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 33 €25,000
2025-03-24 Company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 32 €80,000
2025-03-24 Company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 14 €40,000
2025-03-24 Company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 14 €40,000
2025-03-24 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32 €20,000
2025-03-24 Chief Commander of the Police
Insufficient legal basis for data processing
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 6Art. 9 €17,600
2025-03-24 Casino
Lack of appointment of data protection officer
🇪🇺 Croatian Data Protection Authority (azop) Art. 37 €12,000
2025-03-24 Oil and fat manufacturer
Lack of appointment of data protection officer
🇪🇺 Croatian Data Protection Authority (azop) Art. 37 €10,000
2025-03-24 Hospital
Non-compliance with general data processing principles
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 14Art. 25Art. 28 €4,000
2025-03-24 Hospital
Non-compliance with general data processing principles
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 14Art. 25Art. 28 €4,000
2025-03-24 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 32Art. 33Art. 34 €3,000
2025-03-24 INDEPENDENTS DE VALLROMANES
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €2,000