Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-03-15 | Air Europa Lineas Aereas, SA. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32Art. 33 | €600,000 |
| 2021-03-15 | Asker Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 6Art. 32Art. 24 | €100,000 |
| 2021-03-15 | Ålesund Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32Art. 24Art. 35 | €4,900 |
| 2021-03-10 | Xfera Moviles S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 17Art. 32 | €90,000 |
| 2021-03-04 | Natural person holding the position of General Secretary for a political party in Bucharest Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 58 | €500 |
| 2021-03-03 | Hellenic Bank Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 32Art. 33 | €25,000 |
| 2021-03-03 | KEPIDES Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €6,000 |
| 2021-03-03 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sachsen-Anhalt | Art. 5Art. 32 | €0 |
| 2021-03-02 | Registrų Centras Insufficient technical and organisational measures to ensure information security | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 32 | €15,000 |
| 2021-02-26 | Nacionaliniam visuomenės sveikatos centrui (NVSC) Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 32 | €12,000 |
| 2021-02-26 | IT sprendimai sėkmei Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 32 | €3,000 |
| 2021-02-22 | Security company (name not available at the moment) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 32 | — |
| 2021-02-11 | OLVG Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €440,000 |
| 2021-02-11 | Roma Capitale Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 28Art. 32 | €350,000 |
| 2021-02-11 | Roma Servizi per La Mobilita S.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 32 | €60,000 |
| 2021-02-11 | Istituti ospedalieri bergamaschi Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €45,000 |
| 2021-02-11 | Krajowa Szkoła Sądownictwa i Prokuratury Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 28Art. 32 | €22,200 |
| 2021-02-10 | ING Bank N.V. Amsterdam - Bucharest office Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,000 |
| 2021-02-04 | Orthodontic Clinic Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €12,000 |
| 2021-01-27 | FRANCE DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €150,000 |
| 2021-01-27 | FRANCE DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €75,000 |
| 2021-01-27 | Azienda USL della Romagna Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €50,000 |
| 2021-01-22 | BELGIUM DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 24Art. 32Art. 33 | €25,000 |
| 2021-01-14 | Agenzia regionale protezione ambientale Campania (ARPAC) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €8,000 |
| 2021-01-01 | Bank Insufficient technical and organisational measures to ensure information security | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 32 | €4,000,000 |