Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2019-12-17 Doorstep Dispensaree Ltd. (Pharmacy)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €320,000
2019-12-10 Hora Credit IFN SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 25Art. 32Art. 33 €14,000
2019-12-10 Shop Macoyn, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €5,000
2019-12-04 S CNTAR TAROM SA (Airline)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2019-12-03 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Rheinland-Pfalz Art. 32 €105,000
2019-11-29 Royal President S.R.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 15Art. 6Art. 32 €2,500
2019-11-29 Homeowners Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €500
2019-11-28 ING Bank N.V.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €0
2019-11-25 FAN Courier Express SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €11,000
2019-11-19 Xfera Moviles S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €60,000
2019-11-19 Corporación radiotelevisión espanola
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €60,000
2019-10-31 UWV (Dutch employee insurance service provider)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €900,000
2019-10-24 Food company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Baden-Wuerttemberg Art. 5Art. 32 €100,000
2019-10-24 Military Hospital
Insufficient fulfilment of data breach notification obligations
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 32Art. 33 €7,400
2019-10-09 Vreau Credit SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32Art. 33 €20,000
2019-10-09 Raiffeisen Bank SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €15,000
2019-09-10 Morele.net
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 32 €660,000
2019-08-28 National Revenue Agency
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commision of Bulgaria (KZLD) Art. 32 €2,600,000
2019-08-28 DSK Bank
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commision of Bulgaria (KZLD) Art. 32 €511,000
2019-07-25 ACTIVE ASSURANCES (car insurer)
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 32 €180,000
2019-07-05 LEGAL COMPANY & TAX HUB SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2019-07-02 WORLD TRADE CENTER BUCHAREST SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €15,000
2019-06-18 Haga Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €350,000
2019-06-13 Employer UNIONTRAD COMPANY
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 12Art. 13Art. 32 €20,000
2019-05-16 Payment service provider UAB MisterTango
Insufficient fulfilment of data breach notification obligations
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 32Art. 33 €61,500