Home » Comunicat_Presa_15_03_2023
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

15.03.2023

Sanctions

 

1. The National Supervisory Authority finalized in February this year an investigation to the controller Alianța pentru Unirea Românilor and found the breach of the provisions of Article 5 paragraph (1) letter c) and paragraph (2) of the General Data Protection Regulation.

Therefore, Alianța pentru Unirea Românilor was sanctioned with fine in amount of Lei 49,115, the equivalent of Eur 10,000.

The sanction was applied following some intimations through which it was reported that the controller collects personal data through a website, without performing the information of the data subjects and without the fulfilment of the conditions on the lawfulness of the processing.

Within the investigation performed it was found that personal data (first name, last name, address, identity card series and number, personal identification number, telephone, signature) were collected through the filling-in and signature of the online form from that website, through the submission of the form downloaded/filled in/signed by post, as well as through the filling in and signature of the forms at the special centres organised by Alianța pentru Unirea Românilor.

This situation led to the processing of the personal data of a significant number of data subjects with the breach of the personal data processing principles provided under Article 5 paragraph (1) letter c) (”data minimisation”) and paragraph (2) of the GDPR (”accountability”).

 

    2. The National Supervisory Authority finalized in February this year another investigation at the controller Partidul Uniunea Salvați România and found the breach of the provisions of Article 32 paragraph (1) letter a) and paragraph (2) of the General Data Protection Regulation.

Therefore, Partidul Uniunea Salvați România was sanctioned with fine in amount of Lei 19,646, the equivalent of EUR 4,000.

The investigation was started following the submission by the controller of a personal data security breach notification based on the General Data Protection Regulation.

The breach of the data security took place following the loss of the security and integrity of the data stored within a server of the controller that was hosted on an application within which a phishing cyber attack took place.

Within the investigation it was found that the controller did not implement adequate technical and organizational measures in order to ensure a corresponding level of security such as encryption/pseudonymization of the personal data stored on that application, which led to the unauthorized access of personal data such as first name, last name, personal identification code, e-mail, telephone number, data regarding the political affiliation.

Also, the corrective measure to ensure the conformity with the GDPR of the personal data processing operations, through the implementation of some adequate technical and organizational measures, following the evaluation on the risk for the persons’ rights and freedoms, inclusively of the working procedures regarding the personal data protection was applied.

 

Legal and Communication Department

A.N.S.P.D.C.P.