GDPR Enforcement Tracker
A free, searchable database of publicly announced GDPR fines across the EU/EEA — filterable by country, authority, article, sector and amount — plus CMS's annual analytical report on enforcement trends.
- Published by
- CMS (international law firm)
- Type
- Free searchable fines database (with an annual analytical report)
- Jurisdiction
- EU / EEA — GDPR
- Primary audience
- DPOs, privacy counsel and anyone benchmarking enforcement risk
- Topic tags
- enforcement · fines benchmarking · risk-cost · precedent research
- Availability
- Free web database (filter / sort), updated frequently; annual GDPR Enforcement Tracker Report (PDF)
Why it matters
We surface this as a management and benchmarking tool — not for the fine figures as news. When you need to size a risk or justify a control to the board, "the regulator could fine us" is weak; a comparable, cited enforcement precedent is not. The Tracker lets you pull real fines by article, sector and authority — the raw material for a defensible risk-cost argument, a DPIA risk-rating, or a precedent check on how a given breach type has actually been penalised (approx. EUR 6.11bn tracked as at the 2025/26 Report, and rising; largest single fine EUR 1.2bn, Meta Platforms Ireland). The annual Enforcement Tracker Report turns the database into trend analysis by article, sector and country. It is a law firm's resource — we point to it as a tool, with no relationship or endorsement.
