Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2023-06-08 KG COM
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 6Art. 9Art. 12 €150,000
2023-06-07 UNITED PARCEL SERVICE ESPAÑA LTD. Y CIA SRC
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €84,000
2023-06-06 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,000
2023-06-01 PELAYO, MUTUA DE SEGUROS Y REASEGUROS A PRIMA FIJA
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €42,000
2023-06-01 Camedi s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €10,000
2023-05-31 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32Art. 33 €10,600
2023-05-18 Sports betting operator
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 13Art. 25Art. 32 €380,000
2023-05-18 AUTOMOBILE BAVARIA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 25 €18,000
2023-05-17 Azienda ULSS 6 Euganea
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 32 €10,000
2023-05-16 Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €6,700
2023-05-12 NN Pensii Societate de Administrare a unui Fond de Pensii Administrat Privat S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,500
2023-05-12 NN Asigurări de Viață S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2023-05-05 Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €2,200
2023-05-04 Debt collection agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 13Art. 28Art. 32 €2,265,000
2023-05-02 NAGA Markets Europe Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 32 €9,000
2023-04-27 Benetton Group S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €240,000
2023-04-27 Ama S.p.a.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 29Art. 32Art. 2 €239,000
2023-04-27 Roma Capitale
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 28Art. 29 €176,000
2023-04-26 Skåne region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden Art. 32 €17,600
2023-04-20 Company
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 32 €20,000
2023-04-20 Disciplinary officer
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €5,400
2023-04-13 TIM S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €7,631,175
2023-03-23 Bolzano municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 32Art. 33 €30,000
2023-03-23 Informatica Alto Adige Spa
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2023-03-23 Azienda socio-sanitaria locale n. 1 di Sassari
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €4,000