Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2023-12-11 Veranda Obor S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2023-12-07 Azienda socio sanitaria territoriale nord Milano, C.F.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €40,000
2023-12-07 Hora Credit IFN SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 32Art. 33 €24,000
2023-11-27 Norwegian Labor and Welfare Administration
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 24Art. 25Art. 32 €1,700,000
2023-11-24 Pharmacy owner
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €10,000
2023-11-22 Open University of Cyprus
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 32 €45,000
2023-11-16 FORO ASTURIAS
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €20,000
2023-11-16 Cluster S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €18,000
2023-11-13 Rompetrol Downstream SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €110,000
2023-11-07 THE BEE LOGISTICS, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €70,000
2023-11-07 Indcap AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden Art. 32 €43,000
2023-11-07 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,000
2023-11-03 OTP BANK ROMANIA SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2023-11-03 SINDICATO LIBRE DE TRANSPORTES
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,000
2023-11-02 INSTITUT MARQUÉS OBSTETRICIA I GINECOLOGIA, S.L.P.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 34 €48,000
2023-10-26 CAIXABANK, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 25Art. 32 €5,000,000
2023-10-26 Ophthalmologic institute
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €7,000
2023-10-25 ENDESA ENERGÍA, S.A.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 33Art. 34 €6,100,000
2023-10-24 Mensajero SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2023-10-20 BANCO BILBAO VIZCAYA ARGENTARIA, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 25Art. 32 €800,000
2023-10-12 GROUPE CANAL +
Insufficient fulfilment of data subjects rights
🇪🇺 French Data Protection Authority (CNIL) Art. 7Art. 12Art. 13Art. 14 €600,000
2023-10-12 Azienda socio sanitaria territoriale di Lodi CF
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €40,000
2023-10-10 ILUNION SEGURIDAD, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €15,000
2023-10-10 NORDETIA CLINICS MÓSTOLES S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,500
2023-10-05 Debt collection company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 13 €5,470,000