Sanction for the GDPR breach
The National Supervisory Authority finalised in March current year an investigation at the controller Partidul Uniunea Salvati Romania and found the breach of the provisions of Article 5 paragraph (1) letters a) and b) in conjunction with article 6 from the General Data Protection Regulation (GDPR).
Therefore, Partidul Uniunea Salvati Romnia (USR) was sanctioned with fine in amount of Lei 14,776.5 (the equivalent of Eur 3,000).
The sanction was applied following some intimations, redirected by the Romanian Ombudsman, through which it was reported that on the website of Partidul Uniunea Salvati Romania personal data belonging to some persons with different degrees of disability are posted.
Within the investigation performed it was found that the controller retrieved personal data of some data subjects, respectively first name, last name, PIN, address, series and number of the identity card, number of medical expertise certificate, degree of disability, from the official documents of the public institutions and authorities, subsequently publishing them on the website of the party, within a project of USR, with the breach of the processing principles, without having a legal basis for that processing.
Also, the corrective measure to ensure the conformity with the GDPR principles when performing the personal data processing operations, by re-analysing the documentation published in the website hcl.usr.ro, that contains the decisions, provisions and findings reports issued by the public local authorities, for the anonymisation of the personal data, was applied to the controller.
Legal and Communication Department