The National Supervisory Authority for Personal Data Processing has applied, based on Article 33 of Law no. 677/2001, a contraventional fine of 3.000 RON to Braşov Direction of Public Finance for the failure to fulfill the obligations regarding the enforcement of security measures and the confidentiality of the processing of personal data.
Thus, the investigation carried out following a notice received from the media, it was ascertain that Braşov Direction of Public Finance, as a data controller, did not take all the measures necessary in order to prevent the loss or the unauthorized access to personal data administrated by it.
Therefore, according to Article 20 of Law no. 677/2001, any data controller has the obligation to apply adequate technical and organizational measures in order to protect the personal data against the accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access, notably if the respective processing involves the data’s transmission within a network, as well as against any other form of illegal processing.
Legal and communication department
29th of October 2014