Fine for the infringement of GDPR
On the 21st of September 2020, the National Supervisory Authority finalized an investigation at S.C. Marsorom S.R.L., finding the violation of Article 25 and Article 32 of the General Data Protection Regulation.
The controller S.C. Marsorom S.R.L. was sanctioned with a fine of 14,574.9 lei, the equivalent of 3,000 euros.
The investigation took place as a result of a notification claiming that some personal data of its customers could be viewed on the controller’s website.
During the investigation it was found that the controller S.C. Marsorom S.R.L. violated the provisions of Articles 25 and 32 of the General Data Protection Regulation as it did not adopt sufficient security measures to prevent the unauthorised access and disclosure of personal data of customers who placed orders on this site.
At the same time, the controller was recommended to establish a shorter storage period of personal data related to customer accounts in order to comply with the principle of storage limitation provided by Article 5 paragraph (1) letter e) of the General Data Protection Regulation.