Fine for the breach of GDPR
The National Supervisory Authority finalized during May current year an investigation at the controller E Software Concept SRL and found the breach of the provisions of Article 58 paragraph (1) letters a) and e) and of Article 32 paragraph (1) letter b) and paragraph 2 of the General Data Protection Regulation.
Therefore, the company E Software Concept SRL was sanctioned as it follows:
- fine in amount of Lei 4,945.54, the equivalent of EUR 1,000, given that the controller did not provide the information requested by the Supervisory Authority:
- fine in amount of Lei 14,837.10, the equivalent of EUR 3,000, given that the controller did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing.
Within the investigation it was found that on the controller’s website, at some links, certain documents were publicly available (such as the invoices issued by E Software Concept SRL to its clients, natural and legal persons, and the AWBs – the transportation documents that mandatory accompany the expedition of the packages, issued by those requesting the delivery service) through which the following personal data were disclosed: first name, last name, address of the sender and recipient, telephone number, username and password, e-mail address. This situation led to the loss of the confidentiality of the personal data of the controller’s clients (natural and legal persons).
Thus, the company E SOFTWARE CONCEPT SRL was sanctioned with fine for the breach of the provisions of Article 32 paragraph (1) letter b) and paragraph 2 of the General Data Protection Regulation given that it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing.
At the same time, the controller was sanctioned with fine as it did not proceed to the request for information submitted by the National Supervisory Authority within the exercise of its powers.
Legal and Communication Department