Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-09-13 | Hospital · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5, Art. 6, Art. 12, Art. 13 | €190,000 |
| 2024-09-04 | University of Agder · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32, Art. 24 | €12,700 |
| 2024-08-29 | Apoteket AB. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €3,200,000 |
| 2024-08-29 | Apohem AB · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €698,000 |
| 2024-08-20 | Ana Hotels SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €8,000 |
| 2024-08-12 | UNIQLO EUROPE, LTD, SUCURSAL EN ESPAÑA · Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32 | €270,000 |
| 2024-07-17 | Hera Comm S.p.A. · Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5, Art. 12, Art. 15, Art. 24 | €5,000,000 |
| 2024-07-04 | Postel S.p.A · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5, Art. 25, Art. 32, Art. 33 | €900,000 |
| 2024-06-27 | METRO SA · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 15, Art. 17, Art. 24, Art. 32 | €50,000 |
| 2024-06-26 | AXA REAL ESTATE INVESTMENT MANAGERS IBERICA S.A. y SEUR GEOPOST, S.L. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €80,000 |
| 2024-06-25 | Rețele Electrice Muntenia SA. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2024-06-25 | Rețele Electrice Dobrogea SA · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2024-06-24 | Avanza Bank AB · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden | Art. 5, Art. 32 | €1,300,000 |
| 2024-06-13 | Healthcare facility · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24, Art. 25, Art. 32, Art. 34 | €9,200 |
| 2024-06-10 | ALLIANZ COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32 | €160,000 |
| 2024-06-06 | Covid 19 Test Lab · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 9, Art. 5, Art. 28, Art. 32 | €100,000 |
| 2024-05-30 | PILLOW HOTELS, S.L. · Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32, Art. 33 | €4,200 |
| 2024-05-28 | CAIXABANK S.A. · Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32 | €70,000 |
| 2024-05-20 | Company · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 32 | €336,000 |
| 2024-05-09 | Azienda ospedale università di Padova · Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5, Art. 9, Art. 25, Art. 32 | €75,000 |
| 2024-05-09 | IRIDEX GROUP SALUBRIZARE SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2024-05-09 | Homeowners' association · Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32 | €1,600 |
| 2024-05-09 | MEDICOVER SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2024-05-08 | DENTALCUADROS BCN S.L.P. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32, Art. 33 | €12,000 |
| 2024-05-08 | CENTRUL MEDICAL UNIREA SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |