Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-12-03 | Östergötland Region Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €243,800 |
| 2020-12-03 | Municipality of Indre Østfold Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 6Art. 32 | €18,840 |
| 2020-12-02 | Losada Advocats S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €10,000 |
| 2020-12-02 | Comercio Online Levante, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000 |
| 2020-11-24 | City of Stockholm Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €394,000 |
| 2020-11-24 | Dada Creation S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €5,000 |
| 2020-11-18 | Carrefour France Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 12Art. 13Art. 15 | €2,250,000 |
| 2020-11-13 | Ticketmaster UK Limited Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €1,405,000 |
| 2020-11-12 | Vodafone Italia S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 15 | €12,251,601 |
| 2020-11-11 | Telecoms provider (1&1 Telecom GmbH) Insufficient technical and organisational measures to ensure information security | 🇪🇺 The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Art. 32 | €900,000 |
| 2020-11-10 | Miguel Ibáñez Bezanilla, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13Art. 32 | €3,000 |
| 2020-10-30 | Marriott International, Inc Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 32 | €20,450,000 |
| 2020-10-24 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sachsen-Anhalt | Art. 5Art. 32 | €200 |
| 2020-10-22 | Cyprus Police Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €6,000 |
| 2020-10-19 | Bank of Cyprus Public Company Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 15Art. 32Art. 33 | €15,000 |
| 2020-10-16 | British Airways Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €22,046,000 |
| 2020-10-15 | S.C. Marsorom S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2020-09-30 | Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13Art. 28 | €80,000 |
| 2020-09-30 | Scanshare s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 32 | €60,000 |
| 2020-09-08 | Warsaw University of Life Sciences Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €11,200 |
| 2020-09-08 | Sanatatea Press Group S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €2,000 |
| 2020-09-07 | Istituto Comprensivo Statale Crucoli Torretta Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €2,000 |
| 2020-09-03 | Bergen Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 32 | €276,000 |
| 2020-09-01 | Apartment building owners association Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 13 | €500 |
| 2020-08-18 | Cork University Maternity Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32 | €65,000 |