Home » Comunicat_Presa_21.03.2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

21.03.2025

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in February 2025, an investigation at the controller Bucharest Down Town Hotel SRL and found the breach of Article 12 paragraph (3), Article 13 and Article 15 of Regulation (EU) 2016/679.

As such, the controller was sanctioned with fine of 4,975.00 lei (the equivalent of 1,000 euros).

The investigation was initiated following a complaint alleging a violation of the provisions of Regulation (EU) 2016/679.

The National Supervisory Authority for the Processing of Personal Data found that the data subject requested to be provided with all personal data belonging to him and held by the controller, including a copy of the signed document and any audio-video recording concerning him.

During the investigation, it emerged that the controller had not provided proof that it had sent a response within the legal deadline to the request for the exercise of the right of access of the data subject.

It was also found that the controller had sent the response to the petitioner, as a result of the steps taken by the National Supervisory Authority for the Processing of Personal Data, without providing him with all the personal data he holds, including a copy of the signed document and any audio-video recording relating to him. Therefore, this situation constitutes a violation of the provisions of Article 12 paragraph (3), Article 13 and Article 15 of Regulation (EU) 2016/679.

Pursuant to Article 58 paragraph (2) letter c) of Regulation (EU) 2016/679, the following corrective measures were ordered to the controller:

  • To comply, in all cases, with the applicable provisions regarding the analysis and handling, without delay, of requests to exercise the rights provided for in Regulation (EU) 679/2016 and to communicate the responses to the data subjects within the legal deadlines;
  • To provide full information to all data subjects, in relation to all activities involving the processing of personal data, by providing all the information provided for in Article 12 and Article 13 of Regulation (EU) 2016/679.

 

Legal and Communication Department

A.N.S.P.D.C.P