Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2021-09-20 ST. OLAVS HOSPITAL HF
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32 €75,600
2021-09-20 Høylandet Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32 €40,200
2021-09-17 Syddanmark Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €67,200
2021-09-16 Favrskov municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €10,000
2021-09-08 Midtjylland Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €53,800
2021-09-06 APOEL FC
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €40,000
2021-09-06 AC Omonia
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €40,000
2021-09-06 Hellenic Technical Enterprises Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €25,000
2021-09-02 Automecanica Jerez, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32Art. 21 €4,000
2021-08-25 Banco Bilbao Vizcaya Argentaria, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €120,000
2021-08-24 Actamedica SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 28Art. 32Art. 33 €3,000
2021-08-23 Agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €1,800
2021-08-20 MOVE Ireland
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32 €1,500
2021-08-17 Danish Immigration Agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 5Art. 32 €20,100
2021-08-13 President of the Zgierz District Court
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €2,200
2021-08-05 Insurance company
Insufficient technical and organisational measures to ensure information security
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 32Art. 33 €135,000
2021-08-02 Club Náutico el Estacio
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €3,000
2021-07-22 Deliveroo Italy s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 22Art. 25 €2,500,000
2021-07-22 Roma Capitale
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 13Art. 25 €800,000
2021-07-22 Atac s.p.a.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 30Art. 32 €400,000
2021-07-16 Region of Syddanmark
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €67,900
2021-07-05 Mermaids
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €29,000
2021-07-05 IT services company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32
2021-06-16 Vejle Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 32 €27,000
2021-06-14 BRICO PRIVÉ
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 13Art. 17Art. 32 €500,000