Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2022-08-19 Medical laboratory
Insufficient technical and organisational measures to ensure information security
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 12Art. 13Art. 14 €20,000
2022-08-11 Lolland municipiality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €6,700
2022-08-04 JAÉN SENTIDO Y COMÚN
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,000
2022-07-29 ESTUDIOS EUROPEOS DE POSTGRADO Y EMPRESA, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,000
2022-07-21 Telecommunications company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 25Art. 32 €285,000
2022-07-21 Azienda Socio Sanitaria Territoriale Rhodense
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €3,000
2022-07-19 Bookstore employee
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €4,000
2022-07-14 SIRIUS (law firm)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €67,200
2022-07-13 Manx Care Ltd
Non-compliance with general data processing principles
🇪🇺 Information Commissioner of Isle of Man Art. 5Art. 24Art. 25Art. 32 €202,000
2022-07-13 DKV Seguros y Reaseguros, S.A.E.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 33 €132,000
2022-07-12 FREE SUN ENERGY S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €6,000
2022-07-07 E Software Concept SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 58 €4,000
2022-06-30 Continental Automotive Romania SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 24Art. 32 €2,000
2022-06-20 SC Interactions Marketing SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2022-06-15 S.C. Wine Point S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2022-06-09 Tavistock & Portman NHS Foundation Trust
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €91,000
2022-06-03 Kaufland Romania SCS
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €2,000
2022-05-26 Azienda sanitaria universitaria Friuli Centrale
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €70,000
2022-05-26 Azienda sanitaria universitaria Friuli Occidentale
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €50,000
2022-05-24 MED LIFE S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2022-05-22 Azienda Socio Sanitaria Territoriale Dei Sette Laghi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €7,000
2022-05-12 Civilstyrelsen
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32Art. 33 €13,400
2022-05-12 LORIS FUEL SHOP SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,000
2022-05-04 Bulgarian Post EAD
Insufficient technical and organisational measures to ensure information security
🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) Art. 32 €500,000
2022-05-03 City of Reykjavík
Insufficient legal basis for data processing
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 32 €36,000