Another year has passed and the new edition of our CMS Enforcement Tracker Report 2026 has been published, giving you a deep dive into the world of fines under the European General Data Protection Regulation (GDPR). We continuously analyse the fines we collect in the CMS Enforcement Tracker and provide you with an annual overview of the results in the 7th edition of the report.
The CMS Enforcement Tracker
At https://enforcementtracker.com/ we have an up-to-date list of all fines under the GDPR announced publicly in the EU and EEA, which users can filter and sort by various criteria. The tracker also contains background information on each case and links for more details.
State of affairs after eight years of the GDPR
A lot has happened in the eight years since the GDPR came into effect. The risk of fines of up to EUR 20 million or 4 % of a company's global annual turnover remains however, so companies should not treat their internal data protection organisation lightly. Instead they should ensure technical and organisational security, maintain transparency requirements and respond promptly and appropriately to requests and claims by data subjects.
The latest edition of the Enforcement Tracker Report covers all fines from 2018 until the submission deadline on 1 March 2026. For the first time, the total of the fines issued passed the 6-billion mark, while the average fine imposed across all countries levelled off around EUR 2.28 million.
You can find out more including all the details in our Enforcement Tracker Report 2026:
Our overview of publicly announced GDPR fines is continuously updated throughout the year and can be found at: www.enforcementtracker.com.
