Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2022-01-26 Slane Credit Union Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 24Art. 28Art. 30 €5,000
2022-01-19 Fortum Marketing and Sales Polska S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 28 €1,000,000
2022-01-19 PIKA Sp. z o.o.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 28Art. 32 €53,000
2022-01-17 C-Planet (IT Solutions) Limited
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6Art. 9Art. 14 €65,000
2022-01-14 PHARMA TALENTS, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,400
2022-01-13 Azienda sanitaria unica regionale Marche
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32Art. 35 €14,000
2022-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €250,000
2022-01-01 MALTA DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6Art. 9Art. 32 €65,000
2022-01-01 Bank of Cyprus Public Company Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €17,000
2022-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Niedersachsen Art. 32 €8,900
2022-01-01 DW Dynamic Works LIMITED
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €7,500
2022-01-01 Hermes Airport Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 24Art. 32 €6,000
2022-01-01 DW Dynamic Works LIMITED
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €5,000
2022-01-01 Cyprus Electricity Authority
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €5,000
2022-01-01 Cypriot Ministry of Defense
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 24Art. 32 €5,000
2022-01-01 PRINTAFORM Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 28Art. 32 €3,750
2022-01-01 Covid-19 test center
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32 €2,700
2022-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 24Art. 32 €2,500
2022-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32 €1,000
2022-01-01 Logistics company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32Art. 33
2022-01-01 Bank
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Brandenburg Art. 28Art. 32
2022-01-01 Aid organization
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Brandenburg Art. 28Art. 32
2021-12-29 Greek Ministry of Tourism
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 13Art. 32Art. 33Art. 37 €75,000
2021-12-28 FREE MOBILE
Insufficient fulfilment of data subjects rights
🇪🇺 French Data Protection Authority (CNIL) Art. 12Art. 15Art. 21Art. 25 €300,000
2021-12-28 SLIMPAY
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 28Art. 32Art. 34 €180,000