▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-03-28 | GRUAS IGNACI, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13Art. 32 | €6,600 |
| 2025-03-28 | GRUAS IGNACI, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13Art. 32 | €6,600 |
| 2025-03-28 | CREMA GAMES, S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15 | €4,000 |
| 2025-03-28 | CREMA GAMES, S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15 | €4,000 |
| 2025-03-27 | Multiple Companies Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €18,000 |
| 2025-03-27 | Multiple Companies Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €18,000 |
| 2025-03-27 | Istituto di Istruzione Superiore 'P. Galluppi' Tropea Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €4,000 |
| 2025-03-27 | Istituto di Istruzione Superiore 'P. Galluppi' Tropea Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €4,000 |
| 2025-03-27 | Municipality of Palma di Montechiaro Lack of appointment of data protection officer | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 37 | €3,000 |
| 2025-03-27 | Municipality of Palma di Montechiaro Lack of appointment of data protection officer | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 37 | €3,000 |
| 2025-03-26 | Advanced Computer Software Group Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 32 | €3,500,000 |
| 2025-03-26 | Advanced Computer Software Group Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 32 | €3,500,000 |
| 2025-03-25 | NTT DATA ROMANIA S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €25,000 |
| 2025-03-25 | NTT DATA ROMANIA S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €25,000 |
| 2025-03-24 | Company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 32 | €80,000 |
| 2025-03-24 | Company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 14 | €40,000 |
| 2025-03-24 | Company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 14 | €40,000 |
| 2025-03-24 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 32 | €20,000 |
| 2025-03-24 | Chief Commander of the Police Insufficient legal basis for data processing | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 6Art. 9 | €17,600 |
| 2025-03-24 | Casino Lack of appointment of data protection officer | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 37 | €12,000 |
| 2025-03-24 | Oil and fat manufacturer Lack of appointment of data protection officer | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 37 | €10,000 |
| 2025-03-24 | Hospital Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13Art. 14Art. 25Art. 28 | €4,000 |
| 2025-03-24 | Hospital Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13Art. 14Art. 25Art. 28 | €4,000 |
| 2025-03-24 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13Art. 32Art. 33Art. 34 | €3,000 |
| 2025-03-24 | INDEPENDENTS DE VALLROMANES Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €2,000 |