Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-06-08 | KG COM Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 6Art. 9Art. 12 | €150,000 |
| 2023-06-07 | UNITED PARCEL SERVICE ESPAÑA LTD. Y CIA SRC Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €84,000 |
| 2023-06-06 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000 |
| 2023-06-01 | PELAYO, MUTUA DE SEGUROS Y REASEGUROS A PRIMA FIJA Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €42,000 |
| 2023-06-01 | Camedi s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €10,000 |
| 2023-05-31 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32Art. 33 | €10,600 |
| 2023-05-18 | Sports betting operator Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 13Art. 25Art. 32 | €380,000 |
| 2023-05-18 | AUTOMOBILE BAVARIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 25 | €18,000 |
| 2023-05-17 | Azienda ULSS 6 Euganea Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 32 | €10,000 |
| 2023-05-16 | Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €6,700 |
| 2023-05-12 | NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,500 |
| 2023-05-12 | NN Asigurări de Viață S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2023-05-05 | Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €2,200 |
| 2023-05-04 | Debt collection agency Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 13Art. 28Art. 32 | €2,265,000 |
| 2023-05-02 | NAGA Markets Europe Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 32 | €9,000 |
| 2023-04-27 | Benetton Group S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €240,000 |
| 2023-04-27 | Ama S.p.a. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 29Art. 32Art. 2 | €239,000 |
| 2023-04-27 | Roma Capitale Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 28Art. 29 | €176,000 |
| 2023-04-26 | Skåne region Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden | Art. 32 | €17,600 |
| 2023-04-20 | Company Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 32 | €20,000 |
| 2023-04-20 | Disciplinary officer Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €5,400 |
| 2023-04-13 | TIM S.p.A. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €7,631,175 |
| 2023-03-23 | Bolzano municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 32Art. 33 | €30,000 |
| 2023-03-23 | Informatica Alto Adige Spa Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2023-03-23 | Azienda socio-sanitaria locale n. 1 di Sassari Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €4,000 |