The National Supervisory Authority completed on the 21st of May 2020 an investigation at controller Enel Energie Muntenia SA and found that it violated the provisions of Article 32 of the General Data Protection Regulation.

The controller Enel Energie Muntenia SA was sanctioned with a fine in the amount of 19,368.4 lei, the equivalent of 4,000 euros.

The investigation was initiated as a result of a complaint by which the petitioner notified the violation of the security and confidentiality of personal data by Enel Energie Muntenia SA, by sending documents containing his personal data to another Enel client, using the electronic mail.

During the investigation, the National Supervisory Authority found that the controller did not implement sufficient security and confidentiality measures to prevent the accidental disclosure of personal data to unauthorised persons, thus infringing the provisions of Article 32 of the GDPR.

At the same time, the corrective measure was imposed to ensure the compliance of the operations of collection and further procesing of personal data with the General Data Protection Regulation, by implementing adequate and effective security measures, both from a technical and organisational point of view.

A.N.S.P.D.C.P.