Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 9Art. 32 | €75,000 |
| 2023-01-01 | Physician Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 32 | €3,600 |
| 2023-01-01 | Operator of a dating platform Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Bremen | Art. 32 | — |
| 2023-01-01 | Daycare center Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | — |
| 2022-12-30 | A&G Couriers Limited T/A Fastway Couriers (Ireland) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 32 | €15,000 |
| 2022-12-27 | Kaufland Romania SCS Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €3,000 |
| 2022-12-22 | VIEC Limited Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32 | €100,000 |
| 2022-12-22 | SUDREZIDENȚIAL Broker S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2022-12-15 | Eurosanità S.P.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €120,000 |
| 2022-12-09 | Casa Rusu S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €2,000 |
| 2022-12-08 | FREE SAS Insufficient fulfilment of data subjects rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 12Art. 15Art. 17Art. 32 | €300,000 |
| 2022-12-02 | CASA 7 PERSONAL SHOPPER, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,500 |
| 2022-11-25 | OTP LEASING ROMANIA IFN SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €3,000 |
| 2022-11-24 | Private individual Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 32 | €1,000 |
| 2022-11-24 | Medicover S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2022-11-21 | ING Bank NV Amsterdam Sucursala București Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €20,000 |
| 2022-11-16 | Raiffeisen Bank SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25Art. 32 | €28,000 |
| 2022-11-15 | BANKINTER, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €80,000 |
| 2022-11-11 | Banco Bilbao Vizcaya Argentaria S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €48,000 |
| 2022-11-10 | DISCORD INC. Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 13Art. 25Art. 32 | €800,000 |
| 2022-11-10 | Azienda Usl Valle d'Aosta Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €40,000 |
| 2022-11-07 | Romanian Post Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2022-11-03 | UNITED PARCEL SERVICE ESPAÑA LTD Y COMPAÑIA SRC Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €70,000 |
| 2022-11-02 | Mayor Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €1,700 |
| 2022-10-31 | BANCO BILBAO VIZCAYA ARGENTARIA, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €70,000 |