Article 32 GDPR — enforcement

Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)

Date · Company / party · Authority · Articles · Fine
2025-03-30 MAD COOL FESTIVAL S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5, Art. 32 €3,500
2025-03-28 GRUAS IGNACI, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5, Art. 13, Art. 32 €6,600
2025-03-26 Advanced Computer Software Group Ltd
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 32 €3,500,000
2025-03-25 NTT DATA ROMANIA S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32, Art. 33 €25,000
2025-03-24 Company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 5, Art. 6, Art. 32 €80,000
2025-03-24 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 32 €20,000
2025-03-24 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 13, Art. 32, Art. 33, Art. 34 €3,000
2025-03-14 CENTROS COMERCIALES CARREFOUR, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5, Art. 32, Art. 34 €3,200,000
2025-03-12 Automobilus International S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-03-11 Polskie Radio Szczecin
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24, Art. 32 €13,400
2025-03-04 WEBRASOFT SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €20,000
2025-03-03 BEKO ROMANIA SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €10,000
2025-02-20 Medstar S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2025-02-06 Omniasig Vienna Insurance Group S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2025-02-05 FARMEC SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 25, Art. 32 €5,000
2025-02-04 Real estate company
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5, Art. 6, Art. 12, Art. 13 €40,000
2025-02-04 V&M Contab & Management SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32, Art. 58 €10,000
2025-01-23 Softehnica S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2025-01-21 Employment Service under the Ministry of Social Security and Labor of the Republic of Lithuania
Insufficient technical and organisational measures to ensure information security
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5, Art. 24, Art. 32 €9,000
2025-01-20 Vodafone Romania S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €15,000
2025-01-17 DELIVERY SOLUTIONS S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000