GDPR Fine Tracker – An Ongoing, Always-Up-To-Date List of Enforcement Actions

In 2018, GDPR enforcement actions began trickling out from various EU data protection agencies. We want to give people a way to know who was fined, when, and why.


Did we miss one? Let us know at


Last updated: January 21, 2019


2019 GDPR Enforcement Actions


January, 2019


France – Google – €50,000,000


Google was fined from France’s data regulator, citing a lack of transparency and consent in advertising personalization, including a pre-checked option to personalize ads.


2018 GDPR Enforcement Actions


December, 2018


Portugal – Hospital near Lisbon – €400,000


Staff at the hospital used bogus accounts to access patient records.


November, 2018


Germany – (social media / chat platform) – €20,000


Knuddels reported a data breach, and upon investigation, the local data protection agency determined the site had been storing user passwords in plaintext without hashing. The fine was issued over the data storage practices, not the breach itself.


October, 2018


Austria – small, local business – €4,800


Why: A local business had a CCTV camera capturing too much public space.


Alpin helps companies discover and manage their SaaS vendors. As part of that effort, we work to track the GDPR compliance status of a large number of vendors. And we stay up-to-date on GDPR news, too.



Want to talk more? Contact or stay in touch by subscribing to our weekly roundup – which includes news, useful tips about SaaS apps, and our latest blog posts.

Mitchel Forney