Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2023-10-02 Cez Vânzare S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2023-09-28 Azienda Usl Toscana centro
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €50,000
2023-09-28 Asl Napoli 3 Sud
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 32 €30,000
2023-09-26 RESTART ENERGY ONE S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2023-09-26 Hotel
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 13Art. 32Art. 38 €15,000
2023-08-31 Mednow Medical Center di Giugni Marco
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 12Art. 15 €10,000
2023-08-29 ALBEN AIRPORT FACILITIES S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,500
2023-08-28 Trygg-Hansa
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Sweden Art. 5Art. 32 €3,000,000
2023-08-28 WALL BOX CHARGERS S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €4,800
2023-08-25 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,500
2023-08-21 Uipath SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25Art. 32 €70,000
2023-07-28 Open Bank, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 25Art. 32 €2,500,000
2023-07-27 FONTANORTE, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €1,200
2023-07-18 Azienda Socio Sanitaria Territoriale Ovest Milanese
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €12,000
2023-07-18 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €3,400
2023-07-18 ING Bank NV Amsterdam Sucursala București
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2023-07-07 RCL CRUISES LTD
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €15,000
2023-07-05 LISMARTSA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €1,200
2023-07-04 CaixaBank, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €25,000
2023-07-03 Heilsuveru
Insufficient technical and organisational measures to ensure information security
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 25Art. 32 €81,000
2023-06-28 Sjúkratyringur Íslands
Insufficient technical and organisational measures to ensure information security
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 25Art. 32 €13,400
2023-06-27 Farmacia Ardealul SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,500
2023-06-22 Digi Telecommunications and Services Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 32 €205,000
2023-06-15 Artima S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €8,000
2023-06-08 Rinascente S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 32Art. 35 €300,000