The National Supervisory Authority finalized an investigation at a natural person, as controller, within which it found the breach of some provisions of the General Data Protection Regulation.

Therefore, that controller was sanctioned as it follows:

With fine in amount of Lei 493.91 (the equivalent of EUR 100) for the breach of the provisions of Article 5 paragraph (1) letters a) and f) and Article 6 paragraph (1) letter a) from the General Data Protection Regulation;
With fine in amount of Lei 246.955 (the equivalent of EUR 50) for the breach of Article 58 paragraph (1) letters a) and e) and Article 83 paragraph 5 letter e) from the General Data Protection Regulation.

The investigation was started following an intimation through which a possible breach of the processing security by the website https://centralpoint.ro/afisare-bd-general/ was reported.

During the performance of the investigation the National Supervisory Authority found that the natural person in question was the owner of the website https://centralpoint.ro/afisare-bd-general/ and that he/she published on this website several personal data, such as: personal identification number, telephone number, identity card series and number, e-mail address, bank details (buildings purchase), civil status, that affected a number of 383 natural persons. This situation led to the unauthorized disclosure, which represents a breach of the provisions of Article 5 paragraph 1 letters a) and f) and Article 6 paragraph (1) letter a) from the General Data Protection Regulation.

Legal and Communication Department

A.N.S.P.D.C.P.