▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-02-25 | IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €600,000 |
| 2025-02-25 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €200,000 |
| 2025-02-20 | Medstar S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-02-17 | Primary Health Care in the Capital Area Insufficient legal basis for data processing | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 6Art. 9 | €34,300 |
| 2025-02-17 | Meedea Construct Prest SRL Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 9 | €2,000 |
| 2025-02-14 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €200,000 |
| 2025-02-14 | ORANGE BANK, S.A. SUCURSAL EN ESPAÑA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €200,000 |
| 2025-02-11 | BEEDIGITAL AI, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €120,000 |
| 2025-02-10 | PPC Energie Muntenia SA Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €3,000 |
| 2025-02-06 | Omniasig Vienna Insurance Group S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-02-05 | ORANGE ESPAGNE, S.A.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 25 | €1,200,000 |
| 2025-02-05 | MARINA SALUD, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 28 | €500,000 |
| 2025-02-05 | FARMEC SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €5,000 |
| 2025-02-04 | Real estate company Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 6Art. 12Art. 13 | €40,000 |
| 2025-02-04 | V&M Contab & Management SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 58 | €10,000 |
| 2025-02-03 | Unicredit Bank SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25 | €15,000 |
| 2025-01-31 | S.P.E.E.H. HIDROELECTRICA S.A Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25 | €15,000 |
| 2025-01-27 | Orange Romania SA Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 7Art. 12 | €40,000 |
| 2025-01-23 | Softehnica S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-01-21 | Employment Service under the Ministry of Social Security and Labor of the Republic of Lithuania Insufficient technical and organisational measures to ensure information security | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 24Art. 32 | €9,000 |
| 2025-01-20 | Vodafone Romania S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €15,000 |
| 2025-01-17 | CAJA RURAL DE SALAMANCA, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €200,000 |
| 2025-01-17 | CAJA RURAL DE EXTREMADURA S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €88,000 |
| 2025-01-17 | CAJA RURAL DE ALBACETE, CIUDAD REAL Y CUENCA, S.C.T Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €80,000 |
| 2025-01-17 | CAJA RURAL DE GIJÓN, S.C.A.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €76,000 |