Skip to content

Enforcement Tracker

3,483 GDPR enforcement decisions from 51 countries, updated daily.

Total fines · last 12 months
€1.3B
+879% vs previous year
Decisions · last 12 months
545
45 per month avg
Largest · last 90 days
€6.6M
Most active authority
112 decisions · SPAIN

Monthly fine totals · last 12 months

AugSepOctNovDecJanFebMarAprMayJunJul
Date ↓ Company / party Authority Articles Fine
2023-05-12 NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,500
2023-05-12 NN Asigurări de Viață S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2023-05-11 Libra Internet Bank SA
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €11,000
2023-05-10 Clearview AI
Insufficient cooperation with supervisory authority
🇪🇺 French Data Protection Authority (CNIL) €5,200,000
2023-05-09 ESTUDIO INMOBILIARIO SAN ISIDRO, S.L.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €5,000
2023-05-09 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €180
2023-05-05 Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €2,200
2023-05-05 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €2,000
2023-05-05 FUNDACIÓ PRIVADA UNIVERSITARIA EADA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €1,200
2023-05-04 Debt collection agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 13Art. 28Art. 32 €2,265,000
2023-05-04 Legal Person
Insufficient legal basis for data processing
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 6Art. 14 €3,810
2023-05-03 GSMA LTD.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 35 €200,000
2023-05-03 BANQUETES SANTA ANA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €5,000
2023-05-02 NAGA Markets Europe Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 32 €9,000
2023-04-28 ALBERO FORTE COMPOSITE, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 35 €12,000
2023-04-28 INFINITY ECOM S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €5,000
2023-04-28 ASSOCIACIO DE CAÇADORS D'ALZIRA
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €2,000
2023-04-27 Benetton Group S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €240,000
2023-04-27 Ama S.p.a.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 29Art. 32Art. 2 €239,000
2023-04-27 Roma Capitale
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 28Art. 29 €176,000
2023-04-27 Ufficio Scolastico Regionale per la Puglia, Ufficio VI - Ambito Territoriale di Lecce
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 2 €15,000
2023-04-27 Università degli studi di Cassino e del Lazio Meridionale
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 10Art. 2 €4,000
2023-04-27 Store owner
Insufficient fulfilment of information obligations
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €2,000
2023-04-27 Private individual
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6 €400
2023-04-26 Skåne region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden Art. 32 €17,600