Skip to content

Enforcement Tracker

3,481 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2025-01-17 CAJA RURAL DEL SUR, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €16,000
2025-01-17 CAJA RURAL DE ASTURIAS, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €12,000
2025-01-17 CAJA RURAL DE ARAGÓN, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €12,000
2025-01-17 CAJA RURAL DE ARAGÓN, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €12,000
2025-01-17 CAJA RURAL GRANADA, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €12,000
2025-01-17 CAJA RURAL DE ONDA, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €12,000
2025-01-17 CAJA RURAL NTRA. SRA. DEL ROSARIO
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €10,000
2025-01-17 CAJA RURAL DE BAENA NTRA. SRA. DE GUADALUPE, S.C.C.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €8,000
2025-01-17 CAJA RURAL NTRA. SRA. DEL ROSARIO
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €8,000
2025-01-17 CAJA RURAL NTRA MADRE DEL SOL S.C.A.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €8,000
2025-01-17 DELIVERY SOLUTIONS S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-01-16 CAJA RURAL DE JAEN, BARCELONA Y MADRID, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €400,000
2025-01-16 Realmaps S.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €100,000
2025-01-16 CAJA RURAL CENTRAL, S.C.C.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €72,000
2025-01-16 San Pio Hospital in Benevento
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €6,000
2025-01-16 Alessandro Volta Classical and Scientific High School in Como
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €2,000
2025-01-16 Municipality of Cori
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 6 €2,000
2025-01-16 Macelleria La Costata s.r.I.s
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13 €1,500
2025-01-16 Pro Loco Tourist Association of Cittareale
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €600
2025-01-16 BAR GIOIA
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €600
2025-01-10 National Bank of Greece S.A
Insufficient technical and organisational measures to ensure information security
🇬🇷 Hellenic Data Protection Authority (HDPA) Art. 5Art. 15Art. 25Art. 32 €120,000
2025-01-10 Asper Biogene OÜ
Insufficient technical and organisational measures to ensure information security
🇪🇺 Estonian Data Protection Authority (AKI) €0
2025-01-06 Credit Institution
Insufficient fulfilment of data subjects rights
🇪🇺 National Commission for Data Protection (CNPD) Art. 12 €175,000
2025-01-03 Unirea Medical Center S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 24Art. 32 €2,000
2024-12-23 Panek SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 32 €357,000