Home » Comunicat_presa_07.07.2022
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

07.07.2022

 

Fine for the breach of GDPR

 

The National Supervisory Authority finalized during May current year an investigation at the controller E Software Concept SRL and found the breach of the provisions of Article 58 paragraph (1) letters a) and e) and of Article 32 paragraph (1) letter b) and paragraph 2 of the General Data Protection Regulation.

Therefore, the company E Software Concept SRL was sanctioned as it follows:

  • fine in amount of Lei 4,945.54, the equivalent of EUR 1,000, given that the controller did not provide the information requested by the Supervisory Authority:
  • fine in amount of Lei 14,837.10, the equivalent of EUR 3,000, given that the controller did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing.

Within the investigation it was found that on the controller’s website, at some links, certain documents were publicly available (such as the invoices issued by E Software Concept SRL to its clients, natural and legal persons, and the AWBs – the transportation documents that mandatory accompany the expedition of the packages, issued by those requesting the delivery service) through which the following personal data were disclosed: first name, last name, address of the sender and recipient, telephone number, username and password, e-mail address. This situation led to the loss of the confidentiality of the personal data of the controller’s clients (natural and legal persons).

Thus, the company E SOFTWARE CONCEPT SRL was sanctioned with fine for the breach of the provisions of Article 32 paragraph (1) letter b) and paragraph 2 of the General Data Protection Regulation given that it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing.

At the same time, the controller was sanctioned with fine as it did not proceed to the request for information submitted by the National Supervisory Authority within the exercise of its powers.

Legal and Communication Department

A.N.S.P.D.C.P.