Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2022-04-28 Istituto Nazionale Assicurazione Infortuni sul Lavoro
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 32 €50,000
2022-04-26 ASST di Lodi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €1,000
2022-04-22 Political party
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 32 €8,000
2022-04-15 DEDALUS BIOLOGIE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 28Art. 29Art. 32 €1,500,000
2022-04-11 BASER COMERCIALIZADORA DE REFERENCIA, S.A.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 32 €150,000
2022-04-07 Dutch Tax and Customs Administration
Non-compliance with general data processing principles
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 6Art. 32Art. 35 €3,700,000
2022-04-07 Azienda ospedaliera di Perugia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 14Art. 25 €40,000
2022-04-07 Tecnomed Trento s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 29Art. 32 €10,000
2022-04-05 Bank of Ireland
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 32Art. 33Art. 34 €463,000
2022-03-28 Condor SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2022-03-24 Brav s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2022-03-22 English School Cyprus
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €4,000
2022-03-21 English School staff union (ESSA)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €5,000
2022-03-10 Azienda USL Toscana Centro
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €10,000
2022-03-08 Retail company (name not available at the moment)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32 €89,250
2022-03-04 Norwegian Parliament
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 32 €195,000
2022-02-24 Dutch Foreign Ministry
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 13Art. 32 €565,000
2022-02-10 Scanshare S.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €10,000
2022-02-02 Lillestrøm Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 6Art. 32 €30,000
2022-02-02 IAB Europe
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €0
2022-01-27 OTE Group
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 32 €3,200,000
2022-01-27 EU DisinfoLab
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €2,800
2022-01-27 Researcher
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €1,200
2022-01-26 Uppsala hospital board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €152,000
2022-01-26 Uppsala regional board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €28,500