Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-12-30 | SLOVENAKIË: Onvoldoende technische en organisatorische maatregelen om de informatiebeveiliging te waarborgen. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Slovak Data Protection Office | Art. 5Art. 32 | — |
| 2025-12-22 | NEXPUBLICA FRANCE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €1,700,000 |
| 2025-12-22 | NEXPUBLICA FRANCE Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €1,700,000 |
| 2025-12-15 | Arnhem and Nijmegen University of Applied Sciences Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €175,000 |
| 2025-12-15 | Arnhem and Nijmegen University of Applied Sciences Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €175,000 |
| 2025-12-12 | Chief Constable of the Police Service of Scotland Insufficient technical and organisational measures to ensure information security | 🇬🇧 Information Commissioner (ICO) | Art. 5Art. 25Art. 32Art. 33 | €75,700 |
| 2025-12-10 | University of Limerick Insufficient technical and organisational measures to ensure information security | 🇮🇪 Data Protection Authority of Ireland | Art. 5Art. 30Art. 32Art. 33 | €98,000 |
| 2025-12-08 | Compania de Apa Oltenia S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,000 |
| 2025-12-08 | Compania de Apa Oltenia S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,000 |
| 2025-12-04 | Legal Entity Insufficient technical and organisational measures to ensure information security | 🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 32 | €1,300 |
| 2025-11-27 | Aimag S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €300,000 |
| 2025-11-27 | Aimag S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €300,000 |
| 2025-11-27 | Nițu A. Cleopatra – Expert Accountant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-11-27 | Nițu A. Cleopatra – Expert Accountant Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-11-21 | Legal Entity Insufficient technical and organisational measures to ensure information security | 🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 32 | €16,650 |
| 2025-11-20 | LastPass UK Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €1,400,000 |
| 2025-11-20 | LastPass UK Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €1,400,000 |
| 2025-11-19 | Greencorp S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-11-19 | Greencorp S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-11-17 | PGS SOFA & CO SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €8,000 |
| 2025-11-17 | PGS SOFA & CO SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €8,000 |
| 2025-11-15 | Powiatowego Inspektora Sanitarnego w Policach Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €4,750 |
| 2025-11-15 | Powiatowego Inspektora Sanitarnego w Policach Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €4,750 |
| 2025-11-07 | Klass Wagen S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €7,000 |
| 2025-11-07 | Klass Wagen S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €7,000 |