Home » Comunicat_Presa_11.03.2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

11.03.2025

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in February 2025, an investigation at the controller Noy Business Tranzactions SRL and found the breach of Article 12 paragraphs (1)-(4) in relation to Article 15 paragraph (3) and Article 17 of Regulation (EU) 2016/679.

As such, the controller was sanctioned with fine of 4,977.3 lei (the equivalent of 1,000 euros).

The investigation was initiated following a complaint alleging a possible violation of the provisions of Regulation (EU) 2016/679. Thus, a customer complained that the controller had not communicated a response to his request by which he exercised his right of access to his personal data (image), requesting the video camera recordings from his stay at the hotel where he was accommodated, belonging to the controller.

During the investigation, the National Supervisory Authority for Personal Data Processing found that the controller had not communicated an adequate and complete written response within the legal deadline to the request of the person, by which he had exercised both the right of access and the right to erasure of his data.

As such, it was established that the provisions of Article 12 paragraphs (1)-(4) of Regulation (EU) 2016/679, in relation to Article 15 paragraph (3) and Article 17 of the same European act were infringed.

At the same time, the following corrective measures were also ordered against the controller:

  • to send a complete response to the request of the data subject, to the contact details indicated by him, by securely communicating the requested personal data, to the extent that they are still available, as well as information regarding the deletion of data, by reporting to the provisions of Article 15 paragraphs (3) and (4), Article 17, in conjunction with Article 12 of Regulation (EU) 2016/679;
  • to ensure the compliance with Regulation (EU) 2016/679 of personal data processing operations, by adopting the necessary technical and organizational measures, including in terms of appropriate training of the staff designated for this purpose, so that the controller is able to assess, correctly resolve and respond appropriately to requests by which data subjects exercise their rights, within the time limits and according to the conditions provided for in Articles 12-23 of Regulation (EU) 2016/679.

 

Legal and Communication Department

A.N.S.P.D.C.P