Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-05-07 | 4FINANCE SPAIN
FINANCIAL SERVICES, S.A.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €360,000 |
| 2024-04-30 | Central Young Men’s Christian Association Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €8,700 |
| 2024-04-29 | Res-Gastro M. Gaweł Sp. k. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24Art. 25Art. 32 | €56,000 |
| 2024-04-24 | Committee Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €2,500 |
| 2024-04-23 | ALPHA BANK ROMANIA SA. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €2,000 |
| 2024-04-12 | PRESTAMER, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,800 |
| 2024-04-11 | Facile.Energy S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 24Art. 25 | €100,000 |
| 2024-04-11 | Olimpia S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 24Art. 25 | €100,000 |
| 2024-03-21 | HIPERBAZAR YONGFA 2018 SL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €5,000 |
| 2024-03-05 | EURO MINI STORAGE ROMANIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €5,000 |
| 2024-02-28 | Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 32 | €2,995,140 |
| 2024-02-26 | VESTA CEU ROMÂNIA SRL. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2024-02-12 | CTC EXTERNALIZACIÓN, S.L Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13Art. 32Art. 35 | €365,000 |
| 2024-02-08 | UniCredit S.p.a. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €2,800,000 |
| 2024-02-08 | Medtronic Italia Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 12Art. 13 | €300,000 |
| 2024-02-08 | CENTRO MÉDICO SALUS BALEARES, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €30,000 |
| 2024-02-08 | Azienda socio-sanitaria locale n. 1 di Sassari Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €18,000 |
| 2024-02-07 | IBERDROLA, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000,000 |
| 2024-02-05 | I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,500,000 |
| 2024-01-23 | AMAZON FRANCE LOGISTIQUE Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 6Art. 12Art. 13 | €32,000,000 |
| 2024-01-17 | Centrum Medyczne Ujastek Sp. z o.o. Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 6Art. 9Art. 13 | €273,000 |
| 2024-01-15 | TECHNINK LEB SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2024-01-01 | Doctor´s Office Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6Art. 9Art. 32 | €2,500 |
| 2023-12-27 | THE PHONE HOUSE SPAIN, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €6,500,000 |
| 2023-12-20 | Polish Minister of Health Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 25Art. 32Art. 34 | €23,000 |