Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-10-02 | Cez Vânzare S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2023-09-28 | Azienda Usl Toscana centro Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €50,000 |
| 2023-09-28 | Asl Napoli 3 Sud Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 32 | €30,000 |
| 2023-09-26 | RESTART ENERGY ONE S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €25,000 |
| 2023-09-26 | Hotel Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 13Art. 32Art. 38 | €15,000 |
| 2023-08-31 | Mednow Medical Center di Giugni Marco Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 12Art. 15 | €10,000 |
| 2023-08-29 | ALBEN AIRPORT FACILITIES S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,500 |
| 2023-08-28 | Trygg-Hansa Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sweden | Art. 5Art. 32 | €3,000,000 |
| 2023-08-28 | WALL BOX CHARGERS S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €4,800 |
| 2023-08-25 | Homeowners' association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,500 |
| 2023-08-21 | Uipath SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €70,000 |
| 2023-07-28 | Open Bank, S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 25Art. 32 | €2,500,000 |
| 2023-07-27 | FONTANORTE, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €1,200 |
| 2023-07-18 | Azienda Socio Sanitaria Territoriale Ovest Milanese Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €12,000 |
| 2023-07-18 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €3,400 |
| 2023-07-18 | ING Bank NV Amsterdam Sucursala București Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2023-07-07 | RCL CRUISES LTD Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €15,000 |
| 2023-07-05 | LISMARTSA, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,200 |
| 2023-07-04 | CaixaBank, S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €25,000 |
| 2023-07-03 | Heilsuveru Insufficient technical and organisational measures to ensure information security | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 25Art. 32 | €81,000 |
| 2023-06-28 | Sjúkratyringur Íslands Insufficient technical and organisational measures to ensure information security | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 25Art. 32 | €13,400 |
| 2023-06-27 | Farmacia Ardealul SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,500 |
| 2023-06-22 | Digi Telecommunications and Services Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 32 | €205,000 |
| 2023-06-15 | Artima S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €8,000 |
| 2023-06-08 | Rinascente S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 32Art. 35 | €300,000 |