GDPR Fines by Country

5,655 enforcement actions totaling €10.8B across 33 European countries. Select a country to explore its data protection authorities, enforcement trends, and notable cases.

Ireland leads European cookie enforcement with €6.9B across 81 actions, followed by France (€1.8B) and Netherlands (€867.0M). The Cookie Fines tracks enforcement across 33 European countries, updated daily.

Data current as of 17 June 2026 · Updated daily

Ireland

81 actions9 DPAs

€6.9B

decreasing

France

192 actions13 DPAs

€1.8B

decreasing

Netherlands

346 actions25 DPAs

€867.0M

decreasing

Italy

759 actions10 DPAs

€494.9M

decreasing

Spain

1279 actions9 DPAs

€207.9M

decreasing

United Kingdom

139 actions12 DPAs

€191.5M

decreasing

Germany

585 actions184 DPAs

€108.9M

decreasing

Greece

158 actions2 DPAs

€67.6M

decreasing

Norway

158 actions7 DPAs

€48.6M

decreasing

Sweden

116 actions11 DPAs

€43.8M

decreasing

Austria

310 actions20 DPAs

€42.5M

decreasing

Poland

179 actions13 DPAs

€35.4M

decreasing

Czech Republic

76 actions5 DPAs

€28.5M

stable

Croatia

68 actions10 DPAs

€21.4M

decreasing

Finland

87 actions8 DPAs

€15.3M

decreasing

Portugal

17 actions6 DPAs

€6.8M

stable

Lithuania

27 actions3 DPAs

€5.1M

decreasing

Denmark

108 actions6 DPAs

€4.1M

decreasing

Hungary

103 actions2 DPAs

€3.9M

stable

Bulgaria

41 actions5 DPAs

€3.8M

decreasing

Belgium

153 actions13 DPAs

€3.5M

decreasing

Estonia

32 actions6 DPAs

€3.3M

decreasing

Romania

321 actions4 DPAs

€2.2M

decreasing

Cyprus

69 actions5 DPAs

€1.5M

decreasing

Iceland

65 actions1 DPA

€1.2M

stable

Latvia

19 actions2 DPAs

€643K

decreasing

Malta

14 actions1 DPA

€512K

stable

Luxembourg

43 actions6 DPAs

€498K

decreasing

Slovenia

32 actions6 DPAs

€268K

decreasing

Slovakia

9 actions5 DPAs

€50K

decreasing

Switzerland

3 actions1 DPA

€7K

stable

Liechtenstein

1 actions1 DPA

€4K

stable

European Union

65 actions1 DPA

€0

decreasing

Frequently Asked Questions About GDPR Enforcement by Country

Q:Which European country issues the most GDPR fines?

Spain (AEPD) consistently issues the highest volume of GDPR fines, while Ireland (DPC) and Luxembourg (CNPD) issue the largest individual penalties due to hosting major tech company headquarters. France (CNIL) leads in cookie-specific enforcement. Italy (Garante) is also among the top enforcers by both volume and total amount.

Q:How do GDPR enforcement approaches differ across European countries?

Enforcement approaches vary significantly. France's CNIL focuses heavily on cookie consent and Big Tech. Spain's AEPD issues many smaller fines across diverse sectors. Ireland's DPC handles cross-border cases for US tech giants. Germany has a federal structure with 16 state-level DPAs plus the BfDI. Nordic countries tend to favour corrective measures over large fines.

Q:Do non-EU countries enforce GDPR fines?

Yes. EEA countries (Norway, Iceland, Liechtenstein) enforce GDPR through the EEA Agreement. The UK enforces its own UK GDPR post-Brexit through the ICO. Switzerland has separate data protection laws (nDSG/FADP) enforced by the FDPIC. These non-EU enforcers are included in the Cookie Fines database.