Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2025-09-22 DHL PARCEL IBERIA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €3,000
2025-09-11 Casa di Cura Città di Roma
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €12,000
2025-09-11 Casa di Cura Città di Roma
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €12,000
2025-09-09 Unita Turism Holding S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-09-09 Unita Turism Holding S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-09-08 S-Pankki Oyj
Insufficient technical and organisational measures to ensure information security
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 25Art. 32 €1,800,000
2025-09-08 S-Pankki Oyj
Insufficient technical and organisational measures to ensure information security
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 25Art. 32 €1,800,000
2025-09-01 La Fântâna S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €10,000
2025-09-01 La Fântâna S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €10,000
2025-08-18 SC Elite Conta SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-18 SC Elite Conta SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-12 REAL SOCIEDAD DE FUTBOL S.A.D.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €66,000
2025-08-12 REAL SOCIEDAD DE FUTBOL S.A.D.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €66,000
2025-08-12 'FLEXICREDIT' Mutual Aid House Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-12 'FLEXICREDIT' Mutual Aid House Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-08-11 BIZUM, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €80,000
2025-08-11 BIZUM, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €80,000
2025-08-05 Bank of Cyprus Public Company Limited
Insufficient technical and organisational measures to ensure information security
🇨🇾 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €25,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000
2025-08-04 Ospedaliero-Universitaria Careggi
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €80,000
2025-08-04 Comune di Venezia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 32 €10,000
2025-08-04 Comune di Venezia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 32 €10,000
2025-08-04 Non-Public Health Care Institution
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €7,700
2025-08-04 Non-Public Health Care Institution
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €7,700
2025-07-25 Legal Entity
Insufficient technical and organisational measures to ensure information security
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 32 €5,020