
27.02.2025

Sanction for the breach of the GDPR

 

In February of the current year, the National Supervisory Authority for Personal Data Processing completed an investigation of the controller Velvet Medical SRL and found a breach of Article 12 paragraphs (1) - (4) of the General Data Protection Regulation (GDPR), by reference to Article 15 paragraph (3) of the GDPR.

As such, the controller was sanctioned with a fine of 4,976.4 lei, the equivalent of 1,000 euros.

The investigation was started as a result of a complaint in which the petitioner claimed that the controller Velvet Medical SRL had refused to comply with his request to receive his medical data, namely the documents from his medical file. Later, the petitioner submitted a new request for access to his data, but the controller did not respond this time either.

During the investigation, the National Supervisory Authority found that Velvet Medical SRL did not present evidence showing that it had responded to the petitioner’s request, by which he had exercised his right of access to his medical data.

It was also found that the controller did not present evidence that it had communicated a proper and complete response to the petitioner’s second access request either, thus violating the provisions of Article 12 paragraphs (1) - (4) of the GDPR, by reference to Article 15 paragraph (3) of the GDPR.

At the same time, pursuant to the provisions of Article 58 paragraph (2) letters c) and d) of Regulation (EU) 2016/679, the following corrective measures were ordered against the controller Velvet Medical SRL:

  • to send a complete reply to the petitioner’s request, by e-mail, from the official address of the controller, communicating the requested personal data in a secure manner, by reference to the provisions of Article 15 paragraphs (3) and (4) of the GDPR;
  • to ensure compliance of personal data processing operations with the GDPR, by adopting the necessary technical and organisational measures, including the appropriate training of the personnel designated for this purpose, so that the controller is able to assess, correctly handle and respond appropriately to the requests through which data subjects exercise their rights, within the deadlines and according to the conditions provided by Articles 12-23 of the GDPR.

 

Legal and Communication Department

A.N.S.P.D.C.P