▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-01-17 | CAJA RURAL DEL SUR, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €16,000 |
| 2025-01-17 | CAJA RURAL DE ASTURIAS,
S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €12,000 |
| 2025-01-17 | CAJA RURAL DE ARAGÓN, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €12,000 |
| 2025-01-17 | CAJA RURAL DE ARAGÓN, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €12,000 |
| 2025-01-17 | CAJA RURAL GRANADA, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €12,000 |
| 2025-01-17 | CAJA RURAL DE ONDA, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €12,000 |
| 2025-01-17 | CAJA RURAL NTRA. SRA. DEL
ROSARIO Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €10,000 |
| 2025-01-17 | CAJA RURAL DE
BAENA NTRA. SRA. DE GUADALUPE, S.C.C.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | CAJA RURAL NTRA. SRA. DEL ROSARIO Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | CAJA RURAL NTRA
MADRE DEL SOL S.C.A.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2025-01-17 | DELIVERY SOLUTIONS S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-01-16 | CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €400,000 |
| 2025-01-16 | Realmaps S.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
| 2025-01-16 | CAJA RURAL CENTRAL, S.C.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €72,000 |
| 2025-01-16 | San Pio Hospital in Benevento Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €6,000 |
| 2025-01-16 | Alessandro Volta Classical and Scientific High School in Como Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €2,000 |
| 2025-01-16 | Municipality of Cori Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 6 | €2,000 |
| 2025-01-16 | Macelleria La Costata s.r.I.s Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13 | €1,500 |
| 2025-01-16 | Pro Loco Tourist Association of Cittareale Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €600 |
| 2025-01-16 | BAR GIOIA Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €600 |
| 2025-01-10 | National Bank of Greece S.A Insufficient technical and organisational measures to ensure information security | 🇬🇷 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 15Art. 25Art. 32 | €120,000 |
| 2025-01-10 | Asper Biogene OÜ Insufficient technical and organisational measures to ensure information security | 🇪🇺 Estonian Data Protection Authority (AKI) | €0 | |
| 2025-01-06 | Credit Institution Insufficient fulfilment of data subjects rights | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 12 | €175,000 |
| 2025-01-03 | Unirea Medical Center S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €2,000 |
| 2024-12-23 | Panek SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €357,000 |