Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2020-02-28 Vodafone ONO, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €48,000
2020-02-26 Rælingen Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 32
2020-02-20 L.E. EOOD
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commision of Bulgaria (KZLD) Art. 25Art. 32Art. 6 €2,560
2020-02-20 T.K. EOOD
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commision of Bulgaria (KZLD) Art. 25Art. 32 €2,560
2020-02-14 Vodafone España, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €42,000
2020-02-14 Xfera Moviles S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2020-02-11 Vodafone Romania
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 32 €3,000
2020-01-24 Accounting firm
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 24Art. 32 €1,450
2020-01-23 Sapienza Università di Roma
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2020-01-23 Azienda Ospedaliero Universitaria Integrata di Verona (Hospital)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2020-01-15 TIM (telecommunications operator)
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 17Art. 21 €27,800,000
2020-01-13 Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €9,000
2020-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Niedersachsen Art. 32 €65,000
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 32 €5,000
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,000
2020-01-01 Private healthcare provider
Insufficient technical and organisational measures to ensure information security
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 24Art. 32 €387
2020-01-01 Restaurant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32
2020-01-01 Restaurant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32
2020-01-01 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 6Art. 32
2020-01-01 Restaurant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32
2019-12-19 Aegean Marine Petroleum Network Inc.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 6Art. 32 €150,000
2019-12-18 Telekom Romania Mobile Communications SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000