Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2024-05-07 4FINANCE SPAIN FINANCIAL SERVICES, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €360,000
2024-04-30 Central Young Men’s Christian Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €8,700
2024-04-29 Res-Gastro M. Gaweł Sp. k.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24Art. 25Art. 32 €56,000
2024-04-24 Committee
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €2,500
2024-04-23 ALPHA BANK ROMANIA SA.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €2,000
2024-04-12 PRESTAMER, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,800
2024-04-11 Facile.Energy S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 24Art. 25 €100,000
2024-04-11 Olimpia S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 24Art. 25 €100,000
2024-03-21 HIPERBAZAR YONGFA 2018 SL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €5,000
2024-03-05 EURO MINI STORAGE ROMANIA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 24Art. 32 €5,000
2024-02-28 Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 32 €2,995,140
2024-02-26 VESTA CEU ROMÂNIA SRL.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2024-02-12 CTC EXTERNALIZACIÓN, S.L
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 32Art. 35 €365,000
2024-02-08 UniCredit S.p.a.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €2,800,000
2024-02-08 Medtronic Italia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 12Art. 13 €300,000
2024-02-08 CENTRO MÉDICO SALUS BALEARES, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2024-02-08 Azienda socio-sanitaria locale n. 1 di Sassari
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €18,000
2024-02-07 IBERDROLA, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,000,000
2024-02-05 I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,500,000
2024-01-23 AMAZON FRANCE LOGISTIQUE
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 6Art. 12Art. 13 €32,000,000
2024-01-17 Centrum Medyczne Ujastek Sp. z o.o.
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 6Art. 9Art. 13 €273,000
2024-01-15 TECHNINK LEB SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2024-01-01 Doctor´s Office
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hessen Art. 5Art. 6Art. 9Art. 32 €2,500
2023-12-27 THE PHONE HOUSE SPAIN, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €6,500,000
2023-12-20 Polish Minister of Health
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 25Art. 32Art. 34 €23,000