Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-01-26 | Slane Credit Union Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 24Art. 28Art. 30 | €5,000 |
| 2022-01-19 | Fortum Marketing and Sales Polska S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 28 | €1,000,000 |
| 2022-01-19 | PIKA Sp. z o.o. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 28Art. 32 | €53,000 |
| 2022-01-17 | C-Planet (IT Solutions) Limited Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 6Art. 9Art. 14 | €65,000 |
| 2022-01-14 | PHARMA TALENTS, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €2,400 |
| 2022-01-13 | Azienda sanitaria unica regionale Marche Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32Art. 35 | €14,000 |
| 2022-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 32 | €250,000 |
| 2022-01-01 | MALTA DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 6Art. 9Art. 32 | €65,000 |
| 2022-01-01 | Bank of Cyprus Public Company Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €17,000 |
| 2022-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 32 | €8,900 |
| 2022-01-01 | DW Dynamic Works LIMITED Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €7,500 |
| 2022-01-01 | Hermes Airport Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 24Art. 32 | €6,000 |
| 2022-01-01 | DW Dynamic Works LIMITED Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €5,000 |
| 2022-01-01 | Cyprus Electricity Authority Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €5,000 |
| 2022-01-01 | Cypriot Ministry of Defense Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 24Art. 32 | €5,000 |
| 2022-01-01 | PRINTAFORM Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 28Art. 32 | €3,750 |
| 2022-01-01 | Covid-19 test center Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | €2,700 |
| 2022-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 24Art. 32 | €2,500 |
| 2022-01-01 | Physician Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | €1,000 |
| 2022-01-01 | Logistics company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32Art. 33 | — |
| 2022-01-01 | Bank Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Brandenburg | Art. 28Art. 32 | — |
| 2022-01-01 | Aid organization Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Brandenburg | Art. 28Art. 32 | — |
| 2021-12-29 | Greek Ministry of Tourism Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 13Art. 32Art. 33Art. 37 | €75,000 |
| 2021-12-28 | FREE MOBILE Insufficient fulfilment of data subjects rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 12Art. 15Art. 21Art. 25 | €300,000 |
| 2021-12-28 | SLIMPAY Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 28Art. 32Art. 34 | €180,000 |