Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2025-10-28 SIA 'ZZ Dats'
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data State Inspectorate (DSI) Art. 32 €300,000
2025-10-28 SIA 'ZZ Dats'
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data State Inspectorate (DSI) Art. 32 €300,000
2025-10-23 Aktia Pankki Oyj
Insufficient technical and organisational measures to ensure information security
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 25Art. 32 €865,000
2025-10-23 Aktia Pankki Oyj
Insufficient technical and organisational measures to ensure information security
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 25Art. 32 €865,000
2025-10-20 S.P.E.E.H. HIDROELECTRICA SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-10-20 S.P.E.E.H. HIDROELECTRICA SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-10-16 PRIME TRANSACTION SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-10-16 PRIME TRANSACTION SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-10-15 CAPITA PLC
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €9,180,000
2025-10-15 CAPITA PLC
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €9,180,000
2025-10-15 CAPITA PENSION SOLUTIONS LIMITED
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €6,880,000
2025-10-15 CAPITA PENSION SOLUTIONS LIMITED
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €6,880,000
2025-10-13 Vellea Home SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-10-13 Vellea Home SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-10-09 EON ENERGIE ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2025-10-09 EON ENERGIE ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2025-10-09 FT Solutions S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €5,000
2025-10-09 FT Solutions S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €5,000
2025-10-03 THE RED KIWI, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2025-10-03 THE RED KIWI, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €30,000
2025-09-25 S.C. PRIMONET RO S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-09-25 S.C. PRIMONET RO S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-09-23 Property manager
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €600
2025-09-23 Property manager
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €600
2025-09-22 DHL PARCEL IBERIA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €3,000