
15.01.2024

A new sanction for the infringement of the GDPR

 

In December last year, the National Supervisory Authority for Personal Data Processing completed an investigation of the controller TECHNINK LEB SRL and found a breach of the provisions of Article 32 paragraph (1) letters a), b) and d), in conjunction with Article 32 paragraph (2), of the General Data Protection Regulation (GDPR).

Therefore, the controller was sanctioned with a fine of Lei 14,904.30, the equivalent of EUR 3,000.

The investigation was opened after the controller submitted a personal data security breach notification under the General Data Protection Regulation.

The data security breach occurred through the unauthorized disclosure of personal data (id, address, first name, last name, e-mail address, company, sales, active, subscriber to the informative bulletin, registration and last visit) of a significant number of clients, these data being accessible on the controller's website.

During the investigation it was found that the controller had not implemented adequate technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing, in particular the risk arising from unauthorized disclosure of, or unauthorized access to, the stored personal data.

Also, under Article 58 paragraph (2) letter d) of the GDPR, the following corrective measures were ordered against TECHNINK LEB SRL:

  • The implementation of a plan that includes a process of testing, evaluation and periodic assessment of all systems and of subsequent changes made to them by the controller or by service providers (processors), in particular on the website managed by the controller;
  • The drafting and implementation of password complexity procedures, in particular for administrator accounts, containing specific requirements such as: minimum password length, variety of characters, expiry period, and the impossibility of re-using a previously registered password.

 

Legal and Communication Department

A.N.S.P.D.C.P.