Home » Comunicat_Presa_11.07.2022
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

11.07.2022

 

Sanction for the infringement of the GDPR

 

The National Supervisory Authority finalized in June an investigation at Delivery Solutions S.A. (Sameday) and found the breach of the provisions of Article 29, Article 32 paragraph (1) letter b) and paragraph (2) of the General Data Protection Regulation.

 

Delivery Solutions S.A. (Sameday) was sanctioned with fine in amount of Lei 14,825.70 (the equivalent of EUR 3,000).

 

The investigation was started following some intimations submitted by a natural person that reported the fact that the database of Delivery Solutions S.A. (Sameday) is for sale on the website https://raidforums.com/Thread-SELLING-=ae-SAMEDAY-RO-Romanian-Postal-Service.

Within the investigation, it was found that Delivery Solutions SA (Sameday) is processor for two companies for the processing of personal data, being obliged to take all the necessary measures to systematically protect the processing of personal data of natural persons, as provided under Article 28 paragraph (3) letter c) of the GDPR, including against the unauthorized disclosure and/or access to data. 

 

Also, it was found that the personal data belonging to a number of 26566 natural data subjects (AWB number and date – the transport documents that is mandatory for the shipping of any package, couriers indicatives, name of the sender, first name and last name of the recipient, telephone number, address, delivery status, type of the service, weight of the package, the amount to be cashed in, delivery interval) were available for sale on the forum RaidForums and could be accessed by using the link https ://raidforums.com/Thread-SELLING-=æ-SAMEDAY-RO-Romanian-Postal-Service.

Therefore, Delivery Solutions SA was sanctioned with fine given that it did not implement the adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing for the rights and freedoms of the natural persons, which led to the unauthorized disclosure and/or access to the personal data for 26566 natural data subjects.

 

Legal and Communication Department

A.N.S.P.D.C.P.