Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-06-11 | LUXEMBOURG DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 13Art. 32 | €7,200 |
| 2021-06-10 | Foodinho s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 22Art. 25 | €2,600,000 |
| 2021-06-10 | Aeroporto Guglielmo Marconi di Bologna S.p.a. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 32 | €40,000 |
| 2021-06-10 | aiComply S.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 32 | €40,000 |
| 2021-06-09 | Directorate of the Östra Skaraborg Rescue Service Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €34,800 |
| 2021-06-07 | MedHelp AB Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 6Art. 9Art. 13 | €1,200,000 |
| 2021-06-07 | Voice Integrate Nordic AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €64,500 |
| 2021-06-04 | Moss municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32 | €49,200 |
| 2021-05-31 | UWV (Dutch employee insurance service provider) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €450,000 |
| 2021-05-28 | BRAbank ASA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 24Art. 32 | €39,700 |
| 2021-05-14 | Website operator Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 13Art. 32 | €200 |
| 2021-05-07 | World Class România S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2021-04-29 | InfoMentor ehf Insufficient technical and organisational measures to ensure information security | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 32 | €23,100 |
| 2021-04-26 | Financial company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 32 | €100,000 |
| 2021-04-22 | Cyfrowy Polsat S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish Data Protection Authority (UODO) | Art. 24Art. 32Art. 34 | €245,000 |
| 2021-04-21 | Fondazione Policlinico Tor Vergata di Roma Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 25Art. 32 | €15,000 |
| 2021-04-19 | Lugera & Makler Broker S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,500 |
| 2021-04-15 | Comune di Palermo Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 32 | €40,000 |
| 2021-04-05 | Kukimbia S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €3,000 |
| 2021-04-05 | Electrotecnica Bastida S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €3,000 |
| 2021-03-30 | Telekom Romania Mobile Communications S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2021-03-25 | Fastweb S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €4,500,000 |
| 2021-03-24 | Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 32Art. 33Art. 34 | €27,700 |
| 2021-03-23 | S.C. Medicover S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2021-03-18 | Asesoría Alpi-Clúa S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000 |