Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-07-23 | Order of Nursing Professions of Viterbo Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2025-07-23 | Order of Nursing Professions of Viterbo Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2025-07-23 | Agricola International SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-07-23 | Agricola International SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-07-22 | HEP-Toplinarstvo Insufficient technical and organisational measures to ensure information security | 🇭🇷 Croatian Data Protection Authority (azop) | Art. 31Art. 32 | €320,000 |
| 2025-07-22 | Information and Communication Company Insufficient technical and organisational measures to ensure information security | 🇭🇷 Croatian Data Protection Authority (azop) | Art. 32 | €50,000 |
| 2025-07-21 | Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25Art. 32Art. 33 | €9,000 |
| 2025-07-21 | Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25Art. 32Art. 33 | €9,000 |
| 2025-07-11 | VALORA PREVENCIÓN, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €32,000 |
| 2025-07-11 | VALORA PREVENCIÓN, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €32,000 |
| 2025-07-02 | Croatian Insurance Bureau Insufficient technical and organisational measures to ensure information security | 🇭🇷 Croatian Data Protection Authority (azop) | Art. 5Art. 32 | €101,000 |
| 2025-06-30 | L. Zamenhof University Children's Clinical Hospital in Białystok Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 32 | €15,600 |
| 2025-06-30 | L. Zamenhof University Children's Clinical Hospital in Białystok Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 32 | €15,600 |
| 2025-06-26 | Alliance for the Union of Romanians Party Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 25Art. 32 | €25,000 |
| 2025-06-26 | Alliance for the Union of Romanians Party Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 25Art. 32 | €25,000 |
| 2025-06-26 | SC Piramida Trade Invest SRL Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €3,000 |
| 2025-06-26 | Selgros Cash & Carry SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | SC Tremend Software Consulting SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | Selgros Cash & Carry SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-26 | SC Piramida Trade Invest SRL Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €3,000 |
| 2025-06-26 | SC Tremend Software Consulting SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-06-25 | KARAMBELAS KONSTANTINOS & CO. E.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 29Art. 32 | €40,000 |
| 2025-06-25 | KARAMBELAS KONSTANTINOS & CO. E.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 29Art. 32 | €40,000 |
| 2025-06-24 | Birthlink Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €20,725 |
| 2025-06-24 | Birthlink Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €20,725 |