GDPR Fines by Country

5,535 enforcement actions totaling €10.6B across 33 European countries. Select a country to explore its data protection authorities, enforcement trends, and notable cases.

Ireland leads European cookie enforcement with €6.9B across 79 actions, followed by France (€1.8B) and Netherlands (€667.0M). The Cookie Fines tracks enforcement across 33 European countries, updated daily.

Data current as of 29 April 2026 · Updated daily

Ireland

79 actions8 DPAs

€6.9B

decreasing

France

189 actions13 DPAs

€1.8B

decreasing

Netherlands

342 actions25 DPAs

€667.0M

decreasing

Italy

732 actions10 DPAs

€482.0M

decreasing

United Kingdom

135 actions11 DPAs

€189.3M

decreasing

Spain

1264 actions8 DPAs

€189.2M

decreasing

Germany

580 actions181 DPAs

€108.9M

decreasing

Greece

155 actions2 DPAs

€67.4M

decreasing

Sweden

115 actions11 DPAs

€43.8M

decreasing

Austria

289 actions20 DPAs

€42.5M

decreasing

Poland

179 actions13 DPAs

€35.4M

decreasing

Norway

157 actions7 DPAs

€31.2M

decreasing

Czech Republic

76 actions5 DPAs

€28.5M

stable

Croatia

65 actions10 DPAs

€21.4M

decreasing

Finland

86 actions8 DPAs

€15.3M

decreasing

Portugal

17 actions6 DPAs

€6.8M

stable

Lithuania

25 actions3 DPAs

€5.1M

decreasing

Denmark

108 actions6 DPAs

€4.1M

decreasing

Hungary

98 actions2 DPAs

€3.8M

decreasing

Bulgaria

39 actions5 DPAs

€3.8M

stable

Estonia

31 actions5 DPAs

€3.3M

decreasing

Belgium

146 actions13 DPAs

€3.0M

decreasing

Romania

318 actions4 DPAs

€2.2M

decreasing

Cyprus

65 actions5 DPAs

€1.5M

decreasing

Iceland

65 actions1 DPA

€1.2M

stable

Latvia

19 actions2 DPAs

€643K

decreasing

Luxembourg

42 actions5 DPAs

€498K

decreasing

Malta

13 actions1 DPA

€492K

stable

Slovenia

30 actions6 DPAs

€177K

decreasing

Slovakia

8 actions4 DPAs

€50K

decreasing

Switzerland

3 actions1 DPA

€7K

stable

Liechtenstein

1 actions1 DPA

€4K

stable

European Union

64 actions1 DPA

€0

decreasing

Frequently Asked Questions About GDPR Enforcement by Country

Q:Which European country issues the most GDPR fines?

Spain (AEPD) consistently issues the highest volume of GDPR fines, while Ireland (DPC) and Luxembourg (CNPD) issue the largest individual penalties due to hosting major tech company headquarters. France (CNIL) leads in cookie-specific enforcement. Italy (Garante) is also among the top enforcers by both volume and total amount.

Q:How do GDPR enforcement approaches differ across European countries?

Enforcement approaches vary significantly. France's CNIL focuses heavily on cookie consent and Big Tech. Spain's AEPD issues many smaller fines across diverse sectors. Ireland's DPC handles cross-border cases for US tech giants. Germany has a federal structure with 16 state-level DPAs plus the BfDI. Nordic countries tend to favour corrective measures over large fines.

Q:Do non-EU countries enforce GDPR fines?

Yes. EEA countries (Norway, Iceland, Liechtenstein) enforce GDPR through the EEA Agreement. The UK enforces its own UK GDPR post-Brexit through the ICO. Switzerland has separate data protection laws (nDSG/FADP) enforced by the FDPIC. These non-EU enforcers are included in the Cookie Fines database.