UK DUAA right to complain enforces in -- days · 19 June 2026 EU AI Act high-risk enforces in -- days · 2 August 2026
OBEXGATE
Free AI Risk Assessment Does OBEXGATE apply to you?

Enforcement Intelligence

GDPR Enforcement Risk in Spain Industry and Commerce

Real enforcement patterns. Operational governance signals. Practical remediation paths.

Analyse your AI governance risk

Free AI Risk Assessment Informational Meeting

Enterprise-grade AI governance without the enterprise team. Português, Français, Deutsch, Español, and English. 89 Articles, 4 Continents, within your budget and expertise level. Runtime AI Governance. For a demo: hello@obexgate.com

Enforcement Summary

Total finesEUR 9.6M
Enforcement actions226
Largest fineEUR 3.2M
Most common violationInsufficient fulfilment of information obligations
Primary regulatorSpanish Data Protection Authority (aepd)
Risk signal84

Top Violations

Structured violation patterns are shown only when supplied in the enforcement dataset.

Insufficient fulfilment of information obligations

Count
67

Insufficient legal basis for data processing

Count
49

Non-compliance with general data processing principles

Count
43

Insufficient cooperation with supervisory authority

Count
26

Insufficient technical and organisational security measures

Count
19

Common Patterns

Operational patterns that repeat across enforcement records.

Real Examples

Examples are shown only when source-backed records are supplied.

CENTROS COMERCIALES CARREFOUR, S.A.

Regulator
Spanish Data Protection Authority (aepd)
Date
2025-03-14
Fine amount
EUR 3.2M
Source
Source
Governance lesson
Insufficient technical and organisational security measures

Supermarket chain

Regulator
Spanish Data Protection Authority (aepd)
Date
2021-07-26
Fine amount
EUR 2.5M
Source
Source
Governance lesson
Insufficient legal basis for data processing

Sporting goods retailer

Regulator
Spanish Data Protection Authority (aepd)
Date
2025-11-28
Fine amount
EUR 1.6M
Source
Source
Governance lesson
Insufficient technical and organisational security measures

Enforcement Pattern › Governance Control › Runtime Evidence

OBEXGATE Remediation Positioning

OBEXGATE turns enforcement patterns into operational controls and runtime evidence.

Enforcement Pattern Governance Control Runtime Evidence

Source and Update Positioning

Source datasetSpanish Data Protection Authority (AEPD)
Last updated2026-06-02

Language alternates

Related OBEXGATE links

Information contained is not medical advice, legal advice, or a guarantee of success. Regulatory requirements change and should be verified against current published guidance, legislation, and regulator materials.