Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2021-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Schleswig-Holstein Art. 32
2021-01-01 Restaurant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Saarland Art. 24Art. 32
2021-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Schleswig-Holstein Art. 32
2021-01-01 GERMANY DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Niedersachsen Art. 32
2021-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Niedersachsen Art. 25Art. 32
2021-01-01 GERMANY DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Niedersachsen Art. 32
2021-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32
2020-12-29 Qualitance QBS SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2020-12-17 Roma Capitale (Rome Municipality)
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 14Art. 28 €500,000
2020-12-17 ID Finance Poland Sp. z o.o.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €235,300
2020-12-17 Azienda Unità Sanitaria Locale Toscana Sud Est
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 14Art. 28 €100,000
2020-12-17 Banca Transilvania SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 32 €100,000
2020-12-17 University College Dublin
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32Art. 33 €70,000
2020-12-17 Doctor
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32Art. 33 €6,000
2020-12-17 Doctor
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32Art. 33 €3,000
2020-12-16 Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 25Art. 32Art. 34 €55,400
2020-12-16 Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 32 €1,385
2020-12-14 Virgin Mobile Polska
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €443,000
2020-12-11 Umeå University
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €54,000
2020-12-03 Capio St. Göran AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €2,900,000
2020-12-03 Aleris Sjukvård AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €1,463,000
2020-12-03 Aleris Sjukvård AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €1,168,000
2020-12-03 Karolinska University Hospital of Solna
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €390,100
2020-12-03 Sahlgrenska University Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €341,300
2020-12-03 Västerbotten Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €243,800