Home » Comunicat_Presa_22_02_2022_1
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

22.02.2022

Sanction for the breach of GDPR

 

During February 2022, the National Supervisory Authority finalised an investigation at the controller IAMSAT Muntenia SA and found the breach of the provisions of Article 12, Article 13 and Article 21 of the General Data Protection Regulation.

The controller was sanctioned, as it follows:

  • with a fine, in amount of Lei 9,892.4, the equivalent of EUR 2,000, for the breach of the provisions of Articles 12-13 of the General Data Protection Regulation;
  • fine in amount of Lei 4,946.2, the equivalent of EUR 1,000, for the breach of the provisions of Article 12 paragraph (3) and Article 21 of the General Data Protection Regulation.

The investigation was started following a complaint submitted by a data subject that claimed that IAMSAT Muntenia SA continued to process his/her personal data after the termination of the employment agreement, in 2020. Through a request, this person brought to the knowledge of the controller that he/she does not give his/her consent for the use of his/her e-mail address and is opposing to the processing of his/her personal data by IAMSAT Muntenia SA and/or third parties natural or legal persons, after the termination of the employment agreement.

Within the investigation performed, it was noted that IAMSAT Muntenia SA did not submit proofs regarding the prior and complete information of its employees, including of the data subject, before starting the processing of the personal data of these persons through video surveillance means installed at their workplace, put into function from the 2020 mid-year, although the controller has the obligation to inform the employees according to Article 12-13 of the General Data Protection Regulation.

Also, it was found that IAMSAT Muntenia SA did not handle the request of the data subject and did not communicate an answer regarding the measures taken following the exercise of the right to object within the legal deadlines, according to the provisions of Article 12 paragraph (3) corroborated with the provisions of Article 21 of the General Data Protection Regulation.

At the same time, within the investigation two corrective measures were applied to the controller, as it follows:

  • the corrective measure to ensure the compliance with the General Data Protection Regulation of the personal data processing operations, by ensuring a complete information of the data subjects, specifically of the controller’s employees, in relation to the use of the video-surveillance system, by reference to the obligations provided under Article 12-13 of the General Data Protection Regulation;
  • the corrective measure to provide an answer to the data subject to his/her request, that would contain the measures taken subsequent to the exercise of the right to object, by reference to the provisions of Article 12 and 21 of the General Data Protection Regulation. 

 

Legal and Communication Department

A.N.S.P.D.C.P.