Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2019-12-17 | Doorstep Dispensaree Ltd. (Pharmacy) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 32 | €320,000 |
| 2019-12-10 | Hora Credit IFN SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 25Art. 32Art. 33 | €14,000 |
| 2019-12-10 | Shop Macoyn, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €5,000 |
| 2019-12-04 | S CNTAR TAROM SA (Airline) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €20,000 |
| 2019-12-03 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Rheinland-Pfalz | Art. 32 | €105,000 |
| 2019-11-29 | Royal President S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 15Art. 6Art. 32 | €2,500 |
| 2019-11-29 | Homeowners Association Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €500 |
| 2019-11-28 | ING Bank N.V. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €0 |
| 2019-11-25 | FAN Courier Express SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €11,000 |
| 2019-11-19 | Xfera Moviles S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €60,000 |
| 2019-11-19 | Corporación radiotelevisión espanola Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €60,000 |
| 2019-10-31 | UWV (Dutch employee insurance service provider) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €900,000 |
| 2019-10-24 | Food company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Baden-Wuerttemberg | Art. 5Art. 32 | €100,000 |
| 2019-10-24 | Military Hospital Insufficient fulfilment of data breach notification obligations | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 32Art. 33 | €7,400 |
| 2019-10-09 | Vreau Credit SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €20,000 |
| 2019-10-09 | Raiffeisen Bank SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €15,000 |
| 2019-09-10 | Morele.net Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €660,000 |
| 2019-08-28 | National Revenue Agency Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commision of Bulgaria (KZLD) | Art. 32 | €2,600,000 |
| 2019-08-28 | DSK Bank Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commision of Bulgaria (KZLD) | Art. 32 | €511,000 |
| 2019-07-25 | ACTIVE ASSURANCES (car insurer) Insufficient technical and organisational measures to ensure information security | 🇪🇺 French Data Protection Authority (CNIL) | Art. 32 | €180,000 |
| 2019-07-05 | LEGAL COMPANY & TAX HUB SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2019-07-02 | WORLD TRADE CENTER BUCHAREST SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €15,000 |
| 2019-06-18 | Haga Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 32 | €350,000 |
| 2019-06-13 | Employer UNIONTRAD COMPANY Insufficient legal basis for data processing | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 12Art. 13Art. 32 | €20,000 |
| 2019-05-16 | Payment service provider UAB MisterTango Insufficient fulfilment of data breach notification obligations | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 32Art. 33 | €61,500 |