Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2023-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 9Art. 32 €75,000
2023-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hessen Art. 5Art. 32 €3,600
2023-01-01 Operator of a dating platform
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Bremen Art. 32
2023-01-01 Daycare center
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32
2022-12-30 A&G Couriers Limited T/A Fastway Couriers (Ireland)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 32 €15,000
2022-12-27 Kaufland Romania SCS
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €3,000
2022-12-22 VIEC Limited
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32 €100,000
2022-12-22 SUDREZIDENȚIAL Broker S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €10,000
2022-12-15 Eurosanità S.P.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €120,000
2022-12-09 Casa Rusu S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25Art. 32 €2,000
2022-12-08 FREE SAS
Insufficient fulfilment of data subjects rights
🇪🇺 French Data Protection Authority (CNIL) Art. 12Art. 15Art. 17Art. 32 €300,000
2022-12-02 CASA 7 PERSONAL SHOPPER, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,500
2022-11-25 OTP LEASING ROMANIA IFN SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25Art. 32 €3,000
2022-11-24 Private individual
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 32 €1,000
2022-11-24 Medicover S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2022-11-21 ING Bank NV Amsterdam Sucursala București
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2022-11-16 Raiffeisen Bank SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25Art. 32 €28,000
2022-11-15 BANKINTER, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €80,000
2022-11-11 Banco Bilbao Vizcaya Argentaria S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €48,000
2022-11-10 DISCORD INC.
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 13Art. 25Art. 32 €800,000
2022-11-10 Azienda Usl Valle d'Aosta
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €40,000
2022-11-07 Romanian Post
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2022-11-03 UNITED PARCEL SERVICE ESPAÑA LTD Y COMPAÑIA SRC
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €70,000
2022-11-02 Mayor
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €1,700
2022-10-31 BANCO BILBAO VIZCAYA ARGENTARIA, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €70,000