Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-08-19 | Medical laboratory Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 12Art. 13Art. 14 | €20,000 |
| 2022-08-11 | Lolland municipiality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 32 | €6,700 |
| 2022-08-04 | JAÉN SENTIDO Y COMÚN Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €2,000 |
| 2022-07-29 | ESTUDIOS EUROPEOS DE POSTGRADO Y EMPRESA, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000 |
| 2022-07-21 | Telecommunications company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 25Art. 32 | €285,000 |
| 2022-07-21 | Azienda Socio Sanitaria Territoriale Rhodense Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €3,000 |
| 2022-07-19 | Bookstore employee Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €4,000 |
| 2022-07-14 | SIRIUS (law firm) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 32 | €67,200 |
| 2022-07-13 | Manx Care Ltd Non-compliance with general data processing principles | 🇪🇺 Information Commissioner of Isle of Man | Art. 5Art. 24Art. 25Art. 32 | €202,000 |
| 2022-07-13 | DKV Seguros y Reaseguros, S.A.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32Art. 33 | €132,000 |
| 2022-07-12 | FREE SUN ENERGY S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €6,000 |
| 2022-07-07 | E Software Concept SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 58 | €4,000 |
| 2022-06-30 | Continental Automotive Romania SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €2,000 |
| 2022-06-20 | SC Interactions Marketing SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2022-06-15 | S.C. Wine Point S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2022-06-09 | Tavistock & Portman NHS Foundation Trust Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €91,000 |
| 2022-06-03 | Kaufland Romania SCS Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €2,000 |
| 2022-05-26 | Azienda sanitaria universitaria Friuli Centrale Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €70,000 |
| 2022-05-26 | Azienda sanitaria universitaria Friuli Occidentale Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €50,000 |
| 2022-05-24 | MED LIFE S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2022-05-22 | Azienda Socio Sanitaria Territoriale Dei Sette Laghi Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €7,000 |
| 2022-05-12 | Civilstyrelsen Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 32Art. 33 | €13,400 |
| 2022-05-12 | LORIS FUEL SHOP SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,000 |
| 2022-05-04 | Bulgarian Post EAD Insufficient technical and organisational measures to ensure information security | 🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) | Art. 32 | €500,000 |
| 2022-05-03 | City of Reykjavík Insufficient legal basis for data processing | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 6Art. 32 | €36,000 |