The National Supervisory Authority finalized in December 2022 an investigation at BRISTOL LOGISTICS SA and found the breach of the provisions of Article 32 paragraph (1) letter b) and paragraph (2) of the Regulation (EU) 2016/679.

Therefore, the controller BRISTOL LOGISTICS SA was sanctioned with fine in amount of Lei 9,828.00 (the equivalent of EUR 2,000).

The investigation as started following the submission by the controller of two data security breach notifications, based on the provisions of Article 33 of the Regulation (EU) 2016/679.

Within the investigation it was found that the security breach incident consisted of the theft of a portfolio containing the personnel files of 12 employees, that led to the access of personal data by unauthorized persons.

Therefore, it was found that the controller BRISTOL LOGISTICS SA did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing generated specifically, accidentally or illegally, by the destruction, loss, alteration, unauthorized disclosure or unauthorized access to the personal data (contact/identification data, details in relation to the employment, information regarding the tax deduction and the persons under care, occupational health qualification).

At the same time, based on the provisions of Article 58 paragraph (2) of Regulation (EU) 2016/679, it was ordered to the controller also the corrective measure to review and update the technical and organizational measures implemented following the evaluation regarding the risk for the person’s rights and freedoms, including the working procedures regarding the personal data, as well as the performance of a training for the persons authorized to process data on the risks and consequences that the disclosure of personal data involves.

Legal and Communication Department

A.N.S.P.D.C.P.