Home » Comunicat_Presa_13_/_05_/_2021
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

13/05/2021

A new sanction for the infringement of GDPR

 

The National Supervisory Authority finalised on 23.04.2021 an investigation with the controller Telekom Romania Communications SA and found the breach of the provisions of Article 6 and 21 from the General Data Protection Regulation.

The controller Telekom Romania Communications SA was sanctioned with a reprimand for the breach of the provisions of Article 6 from the Regulation (EU) 2016/679 and with a fine in amount of Lei 9.851,40 (the equivalent of the amount of Eur 2,000) for the violation of Article 21 from the same Regulation.

The sanctions were applied following a complaint through which it was argued that the claimant was contacted on his telephone number for marketing purposes by a representative of Telekom, although he has withdrawn his consent for the use of his personal data together with the termination of the contractual relationship with the controller.

Subsequently, the claimant has exercised his right to object to the processing of his personal data for marketing and advertising purposes by requesting to the controller the deletion of his phone number and e-mail address from the Telekom database.

Nevertheless, the claimant was contacted again by a Telekom representative for marketing purposes. Therefore, the claimant has submitted a new request to the controller in order not to be further contacted and to delete his phone number and e-mail address from the database.

Following this request, the controller communicated to the claimant that his e-mail and phone number have been deleted from the clients’ management system, also confirming that he has been called by a Telekom representative which, by human error, did not realize that he did not have the permission of the claimant to call him.

During the investigation carried out the National Supervisory Authority found that Telekom România Communications S.A. has processed the personal data of the claimant for marketing purposes without having a legal basis, thus breaching the provisions of Article 6 of the GDPR.

Also, the controller has contacted by phone the claimant although the latter had exercised his right to object, thus breaching the provisions of Article 21 of the GDPR.

In this context, we remind that within Chapter III from the Regulation (EU) 2016/679 the rights of the data subject are regulated: the right to information, the right of access, the right to rectification, the right to erasure (”the right to be forgotten”), the right to restriction of processing, right to data portability, right to object, the right not to be subject to a decision based solely on automated processing, the right to lodge a complaint with a competent supervisory authority.

 

Legal and Communication Department

ANSPDCP