▲ Enforcement Tracker
3,488 GDPR enforcement decisions from 52 countries, updated daily.
Total fines · last 12 months
€1.3B
+876% vs previous year
Decisions · last 12 months
537
45 per month avg
Monthly fine totals · last 12 months
AugSepOctNovDecJanFebMarAprMayJunJul
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-04-07 | Azienda ospedaliera di Perugia Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 25 | €40,000 |
| 2022-04-07 | ISWEB S.p.A. Insufficient data processing agreement | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28 | €40,000 |
| 2022-04-07 | Made in Italy s.r.l.s. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 6Art. 7Art. 15Art. 17 | €20,000 |
| 2022-04-07 | Rebirth s.r.l. Insufficient fulfilment of information obligations | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 114Art. 157 | €15,000 |
| 2022-04-07 | E-Mac Professional s.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €10,000 |
| 2022-04-07 | Tecnomed Trento s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 29Art. 32 | €10,000 |
| 2022-04-07 | Findomestic Banca spa Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €10,000 |
| 2022-04-07 | Property owners' association Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €500 |
| 2022-04-05 | Danske Bank Non-compliance with general data processing principles | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 5 | €1,300,000 |
| 2022-04-05 | Bank of Ireland Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 32Art. 33Art. 34 | €463,000 |
| 2022-04-04 | Brussels Airport Zaventem Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €200,000 |
| 2022-04-04 | Brussels Airport Charleroi Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €100,000 |
| 2022-04-04 | Ambuce Rescue Team Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9 | €20,000 |
| 2022-04-04 | Piraeus Bank Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 33Art. 34 | €10,000 |
| 2022-04-04 | Mayor Insufficient legal basis for data processing | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5 | €5,000 |
| 2022-04-01 | Company Insufficient fulfilment of data subjects rights | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 15Art. 17 | €7,500 |
| 2022-03-29 | Workshop Non-compliance with general data processing principles | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 6Art. 13 | €1,300 |
| 2022-03-28 | Klarna Bank AB Insufficient fulfilment of information obligations | 🇪🇺 Data Protection Authority of Sweden | Art. 5Art. 12Art. 13Art. 14 | €720,000 |
| 2022-03-28 | Condor SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2022-03-25 | Danish National Genome Center Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 36 | €6,700 |
| 2022-03-25 | Kaufland Romania SCS Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 15 | €2,000 |
| 2022-03-24 | Brav s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2022-03-23 | POLAND DPA: Insufficient cooperation with supervisory authority Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €490 |
| 2022-03-22 | English School Cyprus Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €4,000 |
| 2022-03-21 | English School staff union (ESSA) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €5,000 |