12.04.2024
Sanction for GDPR infringement
In April 2024 the National Supervisory Authority for Personal Data Processing closed an investigation into the data controller Medical Centre Dr. Furtună Dan and found an infringement of the provisions of Article 58(2), Article 83(5)(e) and Article 83(6) of Regulation (EU) 2016/679 (GDPR) and of the provisions of Article 5(1)(f) in conjunction with those of Article 5(2) and Article 24 of the GDPR.
Following the investigation, the controller was sanctioned with a fine in the amount of 7,455 Lei, the equivalent of 1,500 EUR for the infringement provided by Article 83(5)(e) and Article 6 of the GDPR, as well as a reprimand for the violation of Article 5(1)(f) read in conjunction with Article 54(2) and Article 24 of the GDPR.
The investigation was launched after the controller failed to submit to the National Supervisory Authority any proof of compliance with the corrective measures in the sanctioning report issued by our institution.
In the investigation it was found that Medical Centre Dr. Furtună Dan did not comply with the corrective measure ordered in the record on finding/sanctioning contraventions, in accordance with Article 58(2)(d) of the GDPR, thus breaching the provisions of Article 58(2), Article 83(5)(e) and Article 83(6) of the GDPR.
At the same time, the National Supervisory Authority found that the controller had breached the provisions of Article 5(1)(f) in conjunction with Article 5(2) and Article 24 of the GDPR by failing to take sufficient organisational measures to process data in a manner that ensures their adequate security.
In addition, the controller was also ordered to take the corrective measure of reviewing and updating its technical and organisational measures implemented following the risk assessment on the rights and freedoms of individuals, including its working procedures on the protection of personal data. At the same time, it was ordered that the controller set up a register of all cases of personal data breaches, which should also include a description of the factual situation that led to the personal data breach, its effects and the proposed corrective measures, as provided for in Article 33(5) of the GDPR.
Legal and Communication Department
A.N.S.P.D.C.P.