Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-02-28 | Vodafone ONO, S.A.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €48,000 |
| 2020-02-26 | Rælingen Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 32 | — |
| 2020-02-20 | L.E. EOOD Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commision of Bulgaria (KZLD) | Art. 25Art. 32Art. 6 | €2,560 |
| 2020-02-20 | T.K. EOOD Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commision of Bulgaria (KZLD) | Art. 25Art. 32 | €2,560 |
| 2020-02-14 | Vodafone España, S.A.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €42,000 |
| 2020-02-14 | Xfera Moviles S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €30,000 |
| 2020-02-11 | Vodafone Romania Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €3,000 |
| 2020-01-24 | Accounting firm Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 24Art. 32 | €1,450 |
| 2020-01-23 | Sapienza Università di Roma Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2020-01-23 | Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2020-01-15 | TIM (telecommunications operator) Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 17Art. 21 | €27,800,000 |
| 2020-01-13 | Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €9,000 |
| 2020-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 32 | €65,000 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 32 | €5,000 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 32 | €2,500 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 32 | €2,500 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 32 | €2,500 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 32 | €2,000 |
| 2020-01-01 | Private healthcare provider Insufficient technical and organisational measures to ensure information security | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 24Art. 32 | €387 |
| 2020-01-01 | Restaurant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | — |
| 2020-01-01 | Restaurant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | — |
| 2020-01-01 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 6Art. 32 | — |
| 2020-01-01 | Restaurant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | — |
| 2019-12-19 | Aegean Marine Petroleum Network Inc. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 6Art. 32 | €150,000 |
| 2019-12-18 | Telekom Romania Mobile Communications SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |