Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-06-12 | Națională Poșta Română Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2026-06-02 | Minister of Justice Insufficient technical and organisational measures to ensure information security | 🇵🇱 Polish National Personal Data Protection Office (UODO) | Art. 32 | €23,540 |
| 2026-05-29 | Unicredit Bank SA Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €12,000 |
| 2026-05-08 | Permanent TSB Insufficient technical and organisational measures to ensure information security | 🇮🇪 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33 | €277,500 |
| 2026-05-07 | South Staffordshire Plc Insufficient technical and organisational measures to ensure information security | 🇬🇧 Information Commissioner (ICO) | Art. 5Art. 32 | €1,112,100 |
| 2026-04-30 | BLUE PROJECTS INDUSTRIES S.R.L. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,500 |
| 2026-04-17 | Poste Italiane S.p.a. Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13Art. 25 | €6,624,000 |
| 2026-04-17 | Postepay S.p.a. Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13Art. 25 | €5,877,000 |
| 2026-04-17 | Business Owner Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 32 | €2,000 |
| 2026-04-03 | BLUE PROJECTS S.R.L. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,500 |
| 2026-03-27 | Legal Person Insufficient technical and organisational measures to ensure information security | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 32 | €13,491 |
| 2026-03-26 | Intesa Sanpaolo S.p.A. Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 24Art. 32Art. 34 | €31,800,000 |
| 2026-03-25 | RENAULT COMMERCIAL ROUMANIE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 28Art. 32 | €125,000 |
| 2026-03-23 | ING Bank NV Amsterdam – Sucursala București S.A. Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €4,000 |
| 2026-03-12 | Hanako s.r.l. Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 32 | €2,000 |
| 2026-03-12 | Liceo Scientifico Morgagni di Roma Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 32 | €2,000 |
| 2026-02-26 | Dedalus Italia S.p.A. Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 32 | €32,000 |
| 2026-02-19 | Your Consulting SRL Insufficient technical and organisational measures to ensure information security | 🇷🇴 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €3,000 |
| 2026-02-16 | Slovenia DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇸🇮 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 32 | €5,500 |
| 2026-02-05 | DPD Polska sp. z o.o. Insufficient data processing agreement | 🇵🇱 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 29Art. 32 | €2,682,000 |
| 2026-02-04 | GENPACT ROMANIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2026-02-03 | FREE TECHNOLOGIES EXCOM, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €10,000 |
| 2026-01-26 | Sportadmin i Skandinavien AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €565,000 |
| 2026-01-22 | FRANCE TRAVAIL Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €5,000,000 |
| 2026-01-19 | Continental Automotive Products SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €15,000 |
1–25 of 762 next →