Home / GDPR Enforcement Tracker Report

GDPR Enforcement Tracker Report


1st edition 2020

All EU Member States have been required to apply the General Data Protection Regulation ("GDPR", Regulation (EU) 2016/679) since 25 May 2018. After a cautious initial period, the EU data protection authorities ("DPA") have increased their fining activity significantly. This GDPR Enforcement Tracker Report aims to provide you with valuable insights into the fining activities of all EU DPAs under the GDPR, as well as the ICO's practice in the United Kingdom. Our analysis is based on the publicly available data on fines that we collect and compile at www.enforcementtracker.com. We intend to publish annual editions of this report, and we expect that the relevance of insights will steadily increase as more data on fines becomes available.

Overview, country and sector approach

In search of guidance on how to optimise its own data protection strategy and prioritise data protection measures, a company will naturally want to look at its peers and the competent authorities' practice. This holds true both in terms of business sectors and jurisdiction. Kicking off with an overall summary on the existing fines ("Numbers and Figures"), we have correspondingly divided the fines into the following business sectors and considered the respective fines' origins:

  • Finance, insurance and consulting
  • Accommodation and hospitality
  • Health care
  • Industry, commerce and real estate
  • Media, telecoms and broadcasting
  • Public sector
  • Transportation and energy
  • Individuals and private associations
  • Employers

Your takeaways

The in-depth analysis permits first conclusions to be drawn as to which business sectors attracted particularly hefty fines. We have also analysed the DPAs' reasonings for the fines. These aspects together allow us to provide you with key takeaways for each business sector. Apart from the lawfulness of each data processing operation, bolstering data security should remain in the spotlight for every organisation. Litigation in data protection is set to increase in the near future. Organisations that maintain up-to-date security measures will be best prepared for the future and for potential litigation.


GDPR Enforcement Tracker

This website contains a list and overview of fines and penalties which data protection authorities within the EU have imposed under the EU General Data Protection Regulation (GDPR, DSGVO).

Go to GDPR Enforcement Tracker

How can we help you?

Write us a message and we will get in contact.

Your message was sent. Thank you for contacting us. We will get back to you soon.

Please check these fields.

By including your personal data on this form you agree to it being used in accordance with our Privacy Policy


Key contact

Christian Runte
Christian Runte
T +49 89 23807 163
Michael Kamps
Michael Kamps
T +49 221 7716 372
GDPR Enforcement Tracker Report Executive Summary
PDF 975 kB