Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-06-23 | City of Dublin Education and Training Board Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33Art. 34 | €125,000 |
| 2025-06-23 | City of Dublin Education and Training Board Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 32Art. 33Art. 34 | €125,000 |
| 2025-06-23 | Municipal Social Welfare Center Aleksandrów Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €3,500 |
| 2025-06-23 | Municipal Social Welfare Center Aleksandrów Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €3,500 |
| 2025-06-13 | OCI CINE, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €18,000 |
| 2025-06-13 | OCI CINE, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €18,000 |
| 2025-06-12 | Accounting Audit SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2025-06-12 | Accounting Audit SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2025-06-05 | 23andMe, Inc. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €2,700,000 |
| 2025-06-05 | 23andMe, Inc. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €2,700,000 |
| 2025-05-30 | AG-BROKER ASIGURARE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-30 | AG-BROKER ASIGURARE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-27 | Yliopiston Apteekin Non-compliance with general data processing principles | 🇪🇺 Deputy Data Protection Ombudsman | Art. 5Art. 32 | €1,100,000 |
| 2025-05-27 | Yliopiston Apteekin Non-compliance with general data processing principles | 🇪🇺 Deputy Data Protection Ombudsman | Art. 5Art. 32 | €1,100,000 |
| 2025-05-26 | REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,380,000 |
| 2025-05-26 | REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,380,000 |
| 2025-05-19 | Maravet S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-19 | Maravet S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-16 | ACCOUNTING & AUDIT CONSULTING SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-16 | ACCOUNTING & AUDIT CONSULTING SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-05-14 | CVA TAX & FINANCE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-05-14 | CVA TAX & FINANCE S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-05-12 | CV PRO CONSULT S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-05-12 | CV PRO CONSULT S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-05-09 | Owner of a Pharmacy Office Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 14Art. 32 | €6,600 |