Home » Comunicat_Presa_21_05_2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

21.05.2025

Sanction – cross-border processing

 

The National Supervisory Authority for Personal Data Processing completed, in April 2025, an investigation at the controller Data Diggers Market Research SRL and found the breach of Article 15 and Article 14 in relation to Article 12 paragraph (1) and Article 6 paragraph (1) of Regulation (EU) 2016/679.

As such, the controller was sanctioned with:

  • fine in the amount of 24,886 lei, the equivalent of 5,000 euros, for the infringement of Article 15 of Regulation (EU) 2016/679, in relation to Article 12 paragraph (1) of Regulation (EU) 2016/679;
  • fine in the amount of 9,954.40 lei, the equivalent of 2,000 lei, for the infringement of Article 14 of Regulation (EU) 2016/679, in relation to Article 12 paragraph (1) of Regulation (EU) 2016/679;
  • fine in the amount of 24,886 lei, the equivalent of 5,000 euros, for the infringement of Article 6 paragraph (1) of Regulation (EU) 2016/679.

The investigation was initiated following the receipt of intimations from two other EU data protection authorities regarding complaints filed by two individuals from these countries against the controller Data Diggers Market Research SRL.

Given that the controller Data Diggers Market Research SRL. has its main establishment in Romania, the National Supervisory Authority acted as the lead supervisory authority for cross-border processing carried out by the controller Data Diggers Market Research SRL, in accordance with the provisions of Article 56 and Article 61 of the GDPR.

During the investigation, it was found that the controller did not provide the petitioners with complete information following the exercise of the right of access to personal data, which constitutes a violation of the provisions of Article 15 of Regulation (EU) 2016/679, in conjunction with Article 12 paragraph (1) of the same legal act.

At the same time, the controller did not provide at the time of the first communication with the petitioners the information that it was obliged to communicate to the data subjects, thus violating the provisions of Article 14 paragraphs (1) and (2) of Regulation (EU) 2016/679, in relation to Article 12 paragraph (1) of the same legal act.

Also, the controller did not prove the fulfillment of one of the conditions regarding the lawfulness of the processing of the petitioners’ personal data, which represents a violation of the provisions of Article 6 paragraph (1) of Regulation (EU) 2016/679.

At the same time, pursuant to Article 58 paragraph (2) letter d) of Regulation (EU) 2016/679, the National Supervisory Authority applied to the controller the corrective measure by ordering regular training measures for the company’s staff regarding the procedure to be followed in order to correctly handle the requests submitted by the data subjects and regarding compliance with the conditions of legality of data processing, in relation to Article 6 of Regulation (EU) 2016/679.

 

Legal and Communication Department

A.N.S.P.D.C.P