Home » Comunicat_Presa_22_02_2022_2
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

22.02.2022

Fine for the infringement of GDPR

 

The National Supervisory Authority finalised in February an investigation at the controller Civil Professional Attorneys-at-Law firm „Sabou, Burz & Cuc” and found that it breached the provisions of Article 5 paragraph (1) letters a), b), c) and f) and paragraph (2) and of Article 6 from the General Data Protection Regulation.

The Civil Professional Attorneys-at-law Firm „Sabou, Burz & Cuc” was sanctioned with a fine in amount of Lei 4,946, the equivalent of EUR 1,000.

The investigation was started following a complaint through which the disclosure by the controller of the personal data of a claimant (client of the controller) without his agreement and prior information, by posting an address received by the latter from a public institution on a Whatsapp group used by the lawyers of a bar, was claimed.

Within the investigation it was found that the Civil Professional Attorneys-at-law Firm „Sabou, Burz & Cuc”  has disclosed the personal data of the data subject (first name, last name, domicile address, information regarding a file pending before a court) on a WhatsApp group of 247 members, without a legal basis, excessively and in an incompatible manner with their initial purpose for collection, as well as without taking technical and organisational measures for ensuring the confidentiality of these data, thus breaching the provisions of Article 5 paragraph (1) letters a), b), c) f) and paragraph (2), as well as those of Article 6 of the General Data Protection Regulation.

Also, the following corrective measures were applied to the controller:

  • the corrective measure to ensure the compliance with the General Data Protection Regulation of the collecting and subsequent processing activities of the claimant’s personal data in order to ensure the notification of all the  members of the Whatsapp group used by the lawyers of a bar in order to erase the address posted within this group;
  • the corrective measure to ensure the compliance with the General Data Protection Regulation of the collecting and subsequent processing of personal data operations within the relationships of legal assistance and representation of the controller’s clients, so as to avoid the disclosure of the personal data obtained by them, outside the situations permitted by law, inclusively through the regular training of the persons processing data under the authority of the controller.

 

A.N.S.P.D.C.P.