Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-03-21 Bucharest Down Town Hotel SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 13Art. 15 €1,000
2025-03-20 TECNOCRÃTICA CENTRO DE DATOS S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €4,800
2025-03-20 ONE UNITED PROPERTIES S.A
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 12Art. 15Art. 17 €2,000
2025-03-20 GALENICUM HEALTH, S.L.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €500
2025-03-17 Poczta Polska SA (Polish Post)
Insufficient legal basis for data processing
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 6 €6,300,000
2025-03-17 Minister of Digital Affairs
Insufficient legal basis for data processing
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 6 €23,500
2025-03-14 CENTROS COMERCIALES CARREFOUR, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 34 €3,200,000
2025-03-14 ING BANK N.V., SUCURSAL EN ESPAÑA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €1,600,000
2025-03-13 Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC)
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13Art. 25 €50,000
2025-03-13 Interflora Italia S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 15 €40,000
2025-03-13 Encore Thermoengineering s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 17 €20,000
2025-03-13 G@S Telecomunicazioni di Losito Lucia
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €15,000
2025-03-13 l’Istituto Alberghiero Mediterraneo di Pulsano
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €2,000
2025-03-13 Municipality of Roccaraso
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €2,000
2025-03-12 Automobilus International S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-03-11 Polskie Radio Szczecin
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24Art. 32 €13,400
2025-03-11 Noy Business Tranzactions SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 17 €1,000
2025-03-10 Telenor ASA.
Non-compliance with general data processing principles
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 24Art. 37Art. 38 €338,000
2025-03-10 Housing Finance Corporation
Insufficient legal basis for data processing
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 24 €10,000
2025-03-07 Police Officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Baden-Württemberg Art. 5Art. 6 €3,500
2025-03-06 SHOPBAG GROUP ONLINE SRL
Insufficient cooperation with supervisory authority
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 58 €2,000
2025-03-04 WEBRASOFT SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-03-03 BEKO ROMANIA SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €10,000
2025-03-01 Registry Agency of Republic of Bulgaria
Insufficient legal basis for data processing
🇧🇬 Bulgarian Commission for Personal Data Protection (KZLD) €2,556
2025-02-27 Velvet Medical SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000