Home » Comunicat_Presa_21_09_2022
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

21.09.2022

Sanction for the breach of GDPR

 

The National Supervisory Authority finalized during August 2022 an investigation at the controller Curtea Veche Publishing SRL and found the breach of the provisions of Article 32 paragraph (1) letters b) and c) and paragraph (2) of the General Data Protection Regulation.

The controller was sanctioned with fine in amount of Lei 24,566 (the equivalent of EUR 5,000).

The investigation was started following the submission by the controller of some personal data security breach notifications based on the General Data Protection Regulation.

One of the data security breaches took place following the posting on a public forum of a file that contained the controller’s clients’ database from the period 2019-2021.

This situation led to the unauthorized disclosure of certain personal data such as first name, last name, telephone number, e-mail, crypted password, IP address from which the user account was created, of a number of 10,739 clients of the controller.

The second breach of the data security took place following a ransomware attack, situation that led to the unauthorized access and loss of the integrity and availability of certain personal data of approx. 100 data subjects (employees and collaborators of Curtea Veche Publishing SRL).

Within the investigation, the National Supervisory Authority found that the controller did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the processing risk for the rights and freedoms of the natural persons.

Therefore, the controller Curtea Veche Publishing SRL was sanctioned with fine in amount of Lei 24,566 (the equivalent of EUR 5,000) for the breach of the provisions of Article 32 paragraph (1) letters b) and c) and paragraph (2) of the General Data Protection Regulation.

Also, the corrective measure to review and update the technical and organizational measures implemented was applied following the evaluation regarding the risk for the rights and freedoms of the persons and of the work procedures regarding the personal data protection, inclusively through the implementation of some additional informational solutions for data security.

 

Legal and Communication Department

A.N.S.P.D.C.P.