Home » A_new_sanction_for_the_infringement_of_GDPR
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

 

A new sanction for the infringement of GDPR

 

The National Supervisory Authority completed on the 23rd of April 2020 an investigation at controller Telekom Romania Communications SA and found that it violated the provisions of Article 32 of the General Data Protection Regulation.

The controller Telekom Romania Communications SA was sanctioned with a fine in the amount of 14,524.2 lei, the equivalent of 3,000 euros.

The investigations was initiated following the receipt of complaints by which the petitioner complained about the fraudulent use of his personal data when concluding contracts on his behalf by Telekom Romania Communications SA.

During the investigation, the National Supervisory Authority found that the controller did not implement sufficient security measures, including the verification of the accuracy of personal data collected by telephone (remotely) for the purpose of concluding contracts.

This led to an illegal processing of the petitioner’s data by concluding subcription contracts on his name, using the personal data from the pre-existing contract, withou verifying their correctness, contrary tot eh obligations provided by Article 32 of the GDPR. In this sense, Article 32 provides, among others, in paragraph (1) letter b) also the obligation of the controller to implement appropriate technical and organisational measures, including the capacity to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

The corrective measure was also imposed to the controller to ensure the compliance of the operations of collection and further processing of personal data with the GDPR, by implementing effective procedures for the identification of persons, preventing the illegal processing of personal data and their unauthorised disclosure, both by the employees/collaborators of Telekom Romania Communications SA, as well as by the processors and their employees/collaborators and also their regular training and the periodical verification of the observance of the given instructions, in line with Article 58 paragraph (2) letter d) of the GDPR.

 

A.N.S.P.D.C.P.