The National Supervisory Authority finalised in January of the current year an investigation at the controller Medijobs Platform SRL within which it found the breach of the provisions of Article 32 paragraph (1) letters b) and c) of the General Data Protection Regulation.

Therefore, the company Medijobs Platform SRL was sanctioned with a fine in amount of Lei 24,610.5, the equivalent of EUR 5,000.

The investigation was started following the submission by the controller of a personal data security breach notification based on the General Data Protection Regulation.

Within the investigation performed it was found that the breach of the data processing security took place through the unauthorized access of the IT infrastructure managed by Medijobs Platform SRL, which made possible the download and erasure of some personal data.

This situation led to the unauthorized disclosure or unauthorized access to certain personal data from the CVs of the candidates, such as: first name, last name, e-mail, telephone number, professional/educational history, hobbies, family status.

Therefore, the controller Medijobs Platform SRL was sanctioned with fine for the breach of the provisions of Article 32 paragraph (1) letter b) and paragraph (2) from the General Data Protection Regulation given that it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing.

Also, the corrective measure to review and update the technical and organizational measures implemented following the evaluation regarding the risk for the persons’ rights and freedoms, as well as the working procedures regarding the personal data protection and the training of the employees was applied to the controller.

Legal and Communication Department

A.N.S.P.D.C.P.