▲ Enforcement Tracker
3,481 GDPR enforcement decisions from 51 countries, updated daily.
Total fines · last 12 months
€1.3B
+878% vs previous year
Decisions · last 12 months
543
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-02-03 | Alliance for the Union of Romanians (AUR) Party Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 17Art. 21 | €1,000 |
| 2026-01-30 | Natural Person Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 9Art. 10 | €10,000 |
| 2026-01-30 | Hungarian University of Agriculture and Life Sciences Insufficient legal basis for data processing | 🇭🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 6Art. 13 | €4,200 |
| 2026-01-29 | Università Telematica e-Campus Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 25 | €50,000 |
| 2026-01-29 | Ministero della Cultura Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €12,000 |
| 2026-01-29 | Istituto San Giuseppe La Salle di Milano Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €12,000 |
| 2026-01-29 | Istituto tecnico industriale statale “Stanislao Cannizzaro” di Catania Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €10,000 |
| 2026-01-29 | Dr. Paolo Montemurro Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €5,000 |
| 2026-01-29 | Federazione Nazionale Ordini Professioni Infermieristiche (FNOPI) Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €2,000 |
| 2026-01-26 | Sportadmin i Skandinavien AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €565,000 |
| 2026-01-22 | FRANCE TRAVAIL Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €5,000,000 |
| 2026-01-20 | Slovenia DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 25 | €4,850 |
| 2026-01-19 | Continental Automotive Products SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €15,000 |
| 2026-01-19 | Continental Automotive Products SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €15,000 |
| 2026-01-19 | Dental Clinic Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,200 |
| 2026-01-16 | Timegrip AS Insufficient fulfilment of data subjects rights | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 15 | €21,650 |
| 2026-01-13 | PREMIER RESTAURANTS ROMANIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 28Art. 32 | €8,000 |
| 2026-01-13 | PREMIER RESTAURANTS ROMANIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 28Art. 32 | €8,000 |
| 2026-01-10 | KVIKU SPAIN, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €8,000 |
| 2026-01-10 | VOX ESPAÑA Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €500 |
| 2026-01-09 | Komendanta Miejskiego Policji w Krakowie Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | €18,500 | |
| 2026-01-09 | Komendanta Miejskiego Policji w Krakowie Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | €18,500 | |
| 2026-01-08 | FREE MOBILE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 32 | €27,000,000 |
| 2026-01-08 | FREE MOBILE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 32 | €27,000,000 |
| 2026-01-08 | FREE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32Art. 34 | €15,000,000 |