Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-02-25 IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €600,000
2025-02-25 Vodafone España, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €200,000
2025-02-20 Medstar S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-02-17 Primary Health Care in the Capital Area
Insufficient legal basis for data processing
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 9 €34,300
2025-02-17 Meedea Construct Prest SRL
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 9 €2,000
2025-02-14 Vodafone España, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €200,000
2025-02-14 ORANGE BANK, S.A. SUCURSAL EN ESPAÑA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €200,000
2025-02-11 BEEDIGITAL AI, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €120,000
2025-02-10 PPC Energie Muntenia SA
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €3,000
2025-02-06 Omniasig Vienna Insurance Group S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-02-05 ORANGE ESPAGNE, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 25 €1,200,000
2025-02-05 MARINA SALUD, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28 €500,000
2025-02-05 FARMEC SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25Art. 32 €5,000
2025-02-04 Real estate company
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 6Art. 12Art. 13 €40,000
2025-02-04 V&M Contab & Management SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 58 €10,000
2025-02-03 Unicredit Bank SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25 €15,000
2025-01-31 S.P.E.E.H. HIDROELECTRICA S.A
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25 €15,000
2025-01-27 Orange Romania SA
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 7Art. 12 €40,000
2025-01-23 Softehnica S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-01-21 Employment Service under the Ministry of Social Security and Labor of the Republic of Lithuania
Insufficient technical and organisational measures to ensure information security
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 24Art. 32 €9,000
2025-01-20 Vodafone Romania S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €15,000
2025-01-17 CAJA RURAL DE SALAMANCA, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €200,000
2025-01-17 CAJA RURAL DE EXTREMADURA S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €88,000
2025-01-17 CAJA RURAL DE ALBACETE, CIUDAD REAL Y CUENCA, S.C.T
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €80,000
2025-01-17 CAJA RURAL DE GIJÓN, S.C.A.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €76,000