Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2025-07-23 Order of Nursing Professions of Viterbo
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2025-07-23 Order of Nursing Professions of Viterbo
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2025-07-23 Agricola International SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-07-23 Agricola International SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-07-22 HEP-Toplinarstvo
Insufficient technical and organisational measures to ensure information security
🇭🇷 Croatian Data Protection Authority (azop) Art. 31Art. 32 €320,000
2025-07-22 Information and Communication Company
Insufficient technical and organisational measures to ensure information security
🇭🇷 Croatian Data Protection Authority (azop) Art. 32 €50,000
2025-07-21 Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 25Art. 32Art. 33 €9,000
2025-07-21 Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 25Art. 32Art. 33 €9,000
2025-07-11 VALORA PREVENCIÓN, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €32,000
2025-07-11 VALORA PREVENCIÓN, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €32,000
2025-07-02 Croatian Insurance Bureau
Insufficient technical and organisational measures to ensure information security
🇭🇷 Croatian Data Protection Authority (azop) Art. 5Art. 32 €101,000
2025-06-30 L. Zamenhof University Children's Clinical Hospital in Białystok
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 32 €15,600
2025-06-30 L. Zamenhof University Children's Clinical Hospital in Białystok
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 32 €15,600
2025-06-26 Alliance for the Union of Romanians Party
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 25Art. 32 €25,000
2025-06-26 Alliance for the Union of Romanians Party
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 25Art. 32 €25,000
2025-06-26 SC Piramida Trade Invest SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €3,000
2025-06-26 Selgros Cash & Carry SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 SC Tremend Software Consulting SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 Selgros Cash & Carry SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-26 SC Piramida Trade Invest SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6Art. 12Art. 15 €3,000
2025-06-26 SC Tremend Software Consulting SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-06-25 KARAMBELAS KONSTANTINOS & CO. E.E.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 29Art. 32 €40,000
2025-06-25 KARAMBELAS KONSTANTINOS & CO. E.E.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 29Art. 32 €40,000
2025-06-24 Birthlink
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €20,725
2025-06-24 Birthlink
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €20,725