Article 32 GDPR — enforcement
Cited in 762 decisions · €504.3M total fines · median €15,600 · top authority: 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) (175)
| Date | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-03-30 | MAD COOL FESTIVAL S.L. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32 | €3,500 |
| 2025-03-28 | GRUAS IGNACI, S.L. · Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 13, Art. 32 | €6,600 |
| 2025-03-26 | Advanced Computer Software Group Ltd · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 32 | €3,500,000 |
| 2025-03-25 | NTT DATA ROMANIA S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32, Art. 33 | €25,000 |
| 2025-03-24 | Company · Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5, Art. 6, Art. 32 | €80,000 |
| 2025-03-24 | Hospital · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 32 | €20,000 |
| 2025-03-24 | Hospital · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13, Art. 32, Art. 33, Art. 34 | €3,000 |
| 2025-03-14 | CENTROS COMERCIALES CARREFOUR, S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32, Art. 34 | €3,200,000 |
| 2025-03-12 | Automobilus International S.R.L. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-03-11 | Polskie Radio Szczecin · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24, Art. 32 | €13,400 |
| 2025-03-04 | WEBRASOFT SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €20,000 |
| 2025-03-03 | BEKO ROMANIA SA · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €10,000 |
| 2025-02-20 | Medstar S.R.L. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2025-02-06 | Omniasig Vienna Insurance Group S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2025-02-05 | FARMEC SA · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 25, Art. 32 | €5,000 |
| 2025-02-04 | Real estate company · Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5, Art. 6, Art. 12, Art. 13 | €40,000 |
| 2025-02-04 | V&M Contab & Management SRL · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32, Art. 58 | €10,000 |
| 2025-01-23 | Softehnica S.R.L. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2025-01-21 | Employment Service under the Ministry of Social Security and Labor of the Republic of Lithuania · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5, Art. 24, Art. 32 | €9,000 |
| 2025-01-20 | Vodafone Romania S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €15,000 |
| 2025-01-17 | DELIVERY SOLUTIONS S.A. · Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |