Skip to content

Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date ↓ Company / party Authority Articles Fine
2025-05-09 Owner of a Pharmacy Office
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 14Art. 32 €6,600
2025-05-08 Owner of a Pharmacy Office
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 14Art. 32 €6,600
2025-05-08 Owner of a Pharmacy Office
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 14Art. 32 €6,600
2025-04-29 Ordine degli psicologi della Lombardia
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2025-04-29 Ordine degli psicologi della Lombardia
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2025-04-29 Cooperativa Sociale Quadrifoglio
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €20,000
2025-04-29 Cooperativa Sociale Quadrifoglio
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €20,000
2025-04-25 SC Travel Planner SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 32Art. 33 €6,000
2025-04-25 SC Travel Planner SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 32Art. 33 €6,000
2025-04-23 Diskrimineringsombudsmannen
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €9,200
2025-04-23 Diskrimineringsombudsmannen
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €9,200
2025-04-22 NOVATES ALIMENTACIÓN MADRID, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €12,000
2025-04-22 NOVATES ALIMENTACIÓN MADRID, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32 €12,000
2025-04-15 United Business Solutions SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-04-15 United Business Solutions SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-04-14 DPP Law Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €70,300
2025-04-14 DPP Law Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32Art. 33 €70,300
2025-04-11 NEW GAMBLING SOLUTIONS S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-04-11 NEW GAMBLING SOLUTIONS S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-04-10 Acea Energia S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €3,000,000
2025-04-10 Acea Energia S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €3,000,000
2025-04-10 Network of Agencies and Companies
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €850,000
2025-04-10 Network of Agencies and Companies
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €850,000
2025-04-02 BINBOX GLOBAL SERVICES S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-04-02 BINBOX GLOBAL SERVICES S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000