The General Data Protection Regulation (GDPR) became enforceable on May 25th 2018. Since then, complaints against the AdTech industry are piling up, attacking intrusive tracking and profiling practices, unfairly obtained consent and insufficient legal basis, all of which we consider to infringe GDPR. This timeline is a list of some of the key actions taken against this ecosystem, a reminder of the challenges that AdTech companies are facing and a demonstration that GDPR still has to be implemented and enforced.