Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-01-01 | Physician Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Schleswig-Holstein | Art. 32 | — |
| 2021-01-01 | Restaurant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Saarland | Art. 24Art. 32 | — |
| 2021-01-01 | Physician Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Schleswig-Holstein | Art. 32 | — |
| 2021-01-01 | GERMANY DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 32 | — |
| 2021-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 25Art. 32 | — |
| 2021-01-01 | GERMANY DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 32 | — |
| 2021-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | — |
| 2020-12-29 | Qualitance QBS SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2020-12-17 | Roma Capitale (Rome Municipality) Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 28 | €500,000 |
| 2020-12-17 | ID Finance Poland Sp. z o.o. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €235,300 |
| 2020-12-17 | Azienda Unità Sanitaria Locale Toscana Sud Est Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 28 | €100,000 |
| 2020-12-17 | Banca Transilvania SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €100,000 |
| 2020-12-17 | University College Dublin Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33 | €70,000 |
| 2020-12-17 | Doctor Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32Art. 33 | €6,000 |
| 2020-12-17 | Doctor Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32Art. 33 | €3,000 |
| 2020-12-16 | Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 25Art. 32Art. 34 | €55,400 |
| 2020-12-16 | Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 32 | €1,385 |
| 2020-12-14 | Virgin Mobile Polska Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €443,000 |
| 2020-12-11 | Umeå University Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €54,000 |
| 2020-12-03 | Capio St. Göran AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €2,900,000 |
| 2020-12-03 | Aleris Sjukvård AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €1,463,000 |
| 2020-12-03 | Aleris Sjukvård AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €1,168,000 |
| 2020-12-03 | Karolinska University Hospital of Solna Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €390,100 |
| 2020-12-03 | Sahlgrenska University Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €341,300 |
| 2020-12-03 | Västerbotten Region Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €243,800 |