Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2021-03-15 Air Europa Lineas Aereas, SA.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32Art. 33 €600,000
2021-03-15 Asker Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 6Art. 32Art. 24 €100,000
2021-03-15 Ålesund Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32Art. 24Art. 35 €4,900
2021-03-10 Xfera Moviles S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 17Art. 32 €90,000
2021-03-04 Natural person holding the position of General Secretary for a political party in Bucharest
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 58 €500
2021-03-03 Hellenic Bank
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 32Art. 33 €25,000
2021-03-03 KEPIDES
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €6,000
2021-03-03 Private Individual
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Sachsen-Anhalt Art. 5Art. 32 €0
2021-03-02 Registrų Centras
Insufficient technical and organisational measures to ensure information security
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 32 €15,000
2021-02-26 Nacionaliniam visuomenės sveikatos centrui (NVSC)
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 32 €12,000
2021-02-26 IT sprendimai sėkmei
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 32 €3,000
2021-02-22 Security company (name not available at the moment)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32
2021-02-11 OLVG
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €440,000
2021-02-11 Roma Capitale
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 28Art. 32 €350,000
2021-02-11 Roma Servizi per La Mobilita S.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 32 €60,000
2021-02-11 Istituti ospedalieri bergamaschi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €45,000
2021-02-11 Krajowa Szkoła Sądownictwa i Prokuratury
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 28Art. 32 €22,200
2021-02-10 ING Bank N.V. Amsterdam - Bucharest office
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,000
2021-02-04 Orthodontic Clinic
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €12,000
2021-01-27 FRANCE DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €150,000
2021-01-27 FRANCE DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €75,000
2021-01-27 Azienda USL della Romagna
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €50,000
2021-01-22 BELGIUM DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 24Art. 32Art. 33 €25,000
2021-01-14 Agenzia regionale protezione ambientale Campania (ARPAC)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €8,000
2021-01-01 Bank
Insufficient technical and organisational measures to ensure information security
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 32 €4,000,000