13.11.2024
Sanction for infringing the GDPR
The National Supervisory Authority for Personal Data Processing completed, in October 2024, an investigation at the controller UP ROMÂNIA SRL and found infringements of Article 5 paragraph (1) letters a), c) and paragraph (2) and of Article 6 of Regulation (EU) 2016/679, in conjunction with Article 5 letters a)-d) of Law no. 190/2018, as well as of Article 5 paragraph (1) letter e) and paragraph (2) of Regulation (EU) 2016/679, in conjunction with Article 5 of Law no. 190/2018.
As such, the controller was sanctioned:
- with a fine of 19,898.4 lei (the equivalent of 4,000 euros) for breaching the provisions of Article 5 paragraph (1) letters a), c) and paragraph (2) and of Article 6 of Regulation (EU) 2016/679, in conjunction with Article 5 letters a)-d) of Law no. 190/2018;
- with a reprimand for breaching the provisions of Article 5 paragraph (1) letter e) and paragraph (2) of Regulation (EU) 2016/679, in conjunction with Article 5 of Law no. 190/2018.
The investigation was launched following a complaint submitted by a natural person regarding a possible violation of Regulation (EU) 2016/679.
During the investigation, it was found that the controller processed personal data of its employee, collected through the GPS monitoring system installed on the company car, while the employee was outside working hours, including during vacation periods.
Thus, the processing of identification and location data during the employee’s free time was carried out without a legal basis and in violation of the principles of personal data processing relating to legality and transparency, as well as data minimisation.
At the same time, it was found that this situation affected several employees of the controller, who were in a similar situation.
As such, this situation represents a violation of the provisions of Article 5 paragraph (1) letters a), c) and paragraph (2) and of Article 6 of Regulation (EU) 2016/679, in conjunction with Article 5 letters a)-d) of Law no. 190/2018.
Also, during the investigation, it was found that the controller unjustifiably stored the employees’ data collected through the GPS system installed on the company cars for periods exceeding the legal deadline of 30 days, thereby violating the provisions of Article 5 paragraph (1) letter e) and paragraph (2) in conjunction with Article 5 of Law no. 190/2018.
At the same time, based on the provisions of Article 58 paragraph (2) letter b) of Regulation (EU) 2016/679, the following corrective measures were ordered against the controller:
- to ensure compliance of the personal data collection and further processing operations with Regulation (EU) 2016/679, by reassessing whether the proposed goals need to be achieved using data from the GPS monitoring system installed on the company cars of the controller’s employees, with reference to the obligations provided by Regulation (EU) 2016/679 and Law no. 190/2018;
- to ensure compliance of personal data collection and further processing with Regulation (EU) 2016/679, by limiting the data storage period by reference to the purposes of data processing and removing excessively stored/processed data from the record system.
Legal and Communication Department
A.N.S.P.D.C.P