Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-05-09 | Owner of a Pharmacy Office Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 14Art. 32 | €6,600 |
| 2025-05-08 | Owner of a Pharmacy Office Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 14Art. 32 | €6,600 |
| 2025-05-08 | Owner of a Pharmacy Office Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 14Art. 32 | €6,600 |
| 2025-04-29 | Ordine degli psicologi della Lombardia Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2025-04-29 | Ordine degli psicologi della Lombardia Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2025-04-29 | Cooperativa Sociale Quadrifoglio Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 32 | €20,000 |
| 2025-04-29 | Cooperativa Sociale Quadrifoglio Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 28Art. 32 | €20,000 |
| 2025-04-25 | SC Travel Planner SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 32Art. 33 | €6,000 |
| 2025-04-25 | SC Travel Planner SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 32Art. 33 | €6,000 |
| 2025-04-23 | Diskrimineringsombudsmannen Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €9,200 |
| 2025-04-23 | Diskrimineringsombudsmannen Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 32 | €9,200 |
| 2025-04-22 | NOVATES ALIMENTACIÓN MADRID, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €12,000 |
| 2025-04-22 | NOVATES ALIMENTACIÓN MADRID, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32 | €12,000 |
| 2025-04-15 | United Business Solutions SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-04-15 | United Business Solutions SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-04-14 | DPP Law Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €70,300 |
| 2025-04-14 | DPP Law Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32Art. 33 | €70,300 |
| 2025-04-11 | NEW GAMBLING SOLUTIONS S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-04-11 | NEW GAMBLING SOLUTIONS S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-04-10 | Acea Energia S.p.A. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €3,000,000 |
| 2025-04-10 | Acea Energia S.p.A. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €3,000,000 |
| 2025-04-10 | Network of Agencies and Companies Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €850,000 |
| 2025-04-10 | Network of Agencies and Companies Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €850,000 |
| 2025-04-02 | BINBOX GLOBAL SERVICES S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-04-02 | BINBOX GLOBAL SERVICES S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |