Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2020-08-12 Tusla Child and Family Agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 32 €85,000
2020-08-04 PrivatBo A.M.B.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 5Art. 32 €20,100
2020-07-30 Romanian Post National Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2020-07-27 SC Cntar Tarom SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2020-07-10 Xfera Moviles S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €55,000
2020-07-10 Municipality of Rælingen
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32Art. 35 €46,660
2020-07-10 Global Business Travel Spain SLU
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €5,000
2020-07-09 Proleasing Motors SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €15,000
2020-06-30 Allgemeine Ortskrankenkasse ('AOK') (health insurance company)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Baden-Wuerttemberg Art. 5Art. 6Art. 32 €1,240,000
2020-06-22 Østfold HF Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32 €112,000
2020-06-18 Enel Energie
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €4,000
2020-06-12 Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 32 €288,000
2020-06-11 Telekom Romania
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2020-06-09 Attorney
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €2,000
2020-05-05 Banca Comercială Română SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2020-05-03 Telenor Norge AS
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32 €134,000
2020-04-23 Telekom Romania Communications SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2020-03-25 Vodafone Romania
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €4,150
2020-03-25 Enel Energie
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2020-03-24 CP&A
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 9Art. 32 €15,000
2020-03-10 National Center of Addiction Medicine ('SAA')
Insufficient technical and organisational measures to ensure information security
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 32 €20,600
2020-03-10 Gladsaxe Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 5Art. 32 €14,000
2020-03-10 Breiðholt Upper Secondary School
Insufficient technical and organisational measures to ensure information security
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 32 €9,000
2020-03-10 Hørsholm Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 5Art. 32 €7,000
2020-03-03 Vodafone España, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €42,000