Home » Comunicat_Presa_18_04_2022
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

18.04.2022

Sanction for the infringement of GDPR

 

The National Supervisory Authority finalised, during March 2022, an investigation at the controller IKEA Romania S.R.L. and found the breach of the provisions of Article 12 paragraph (3) from the General Data Protection Regulation.

Therefore, the controller was sanctioned with a fine in amount of Lei 4,949 (the equivalent of EUR 1,000).

The investigation was started following a complaint through which the data subject claimed that he/she addressed to the controller for the erasure of an user account.

Within the investigation performed, it resulted that the data subject, through repetitive requests, has exercised his/her right to erasure of his/her personal data from an Ikea user account, created based on an e-mail address.

The National Supervisory Authority found that the controller IKEA Romania S.R.L. did not prove that it provided within the legal deadline a response to the requests through which the data subject exercised his/her right to erasure provided under Article 17 from the General Data Protection Regulation, which represents a breach of the provisions of Article 12 paragraph (3) from the General Data Protection Regulation.

Through Article 12 paragraph (3) from the General Data Protection Regulation it is established that:

“The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.”

At the same time, within the investigation, also the corrective measure to take all necessary measures in order to observe, in all cases, the rights of the data subjects provided under the General Data Protection Regulation, was applied to the controller.

 

Legal and Communication Department

A.N.S.P.D.C.P.