Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2025-12-30 SLOVENAKIË: Onvoldoende technische en organisatorische maatregelen om de informatiebeveiliging te waarborgen.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovak Data Protection Office Art. 5Art. 32
2025-12-22 NEXPUBLICA FRANCE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €1,700,000
2025-12-22 NEXPUBLICA FRANCE
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €1,700,000
2025-12-15 Arnhem and Nijmegen University of Applied Sciences
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €175,000
2025-12-15 Arnhem and Nijmegen University of Applied Sciences
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €175,000
2025-12-12 Chief Constable of the Police Service of Scotland
Insufficient technical and organisational measures to ensure information security
🇬🇧 Information Commissioner (ICO) Art. 5Art. 25Art. 32Art. 33 €75,700
2025-12-10 University of Limerick
Insufficient technical and organisational measures to ensure information security
🇮🇪 Data Protection Authority of Ireland Art. 5Art. 30Art. 32Art. 33 €98,000
2025-12-08 Compania de Apa Oltenia S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,000
2025-12-08 Compania de Apa Oltenia S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €1,000
2025-12-04 Legal Entity
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €1,300
2025-11-27 Aimag S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €300,000
2025-11-27 Aimag S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €300,000
2025-11-27 Nițu A. Cleopatra – Expert Accountant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-11-27 Nițu A. Cleopatra – Expert Accountant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-11-21 Legal Entity
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €16,650
2025-11-20 LastPass UK Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €1,400,000
2025-11-20 LastPass UK Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €1,400,000
2025-11-19 Greencorp S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-11-19 Greencorp S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-11-17 PGS SOFA & CO SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €8,000
2025-11-17 PGS SOFA & CO SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €8,000
2025-11-15 Powiatowego Inspektora Sanitarnego w Policach
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €4,750
2025-11-15 Powiatowego Inspektora Sanitarnego w Policach
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €4,750
2025-11-07 Klass Wagen S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €7,000
2025-11-07 Klass Wagen S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €7,000