Sanction for the infringement of GDPR
The National Supervisory Authority finalized on the 4th of November 2020 an investigation at the controller Vodafone România S.A. and found that the provisions of Articles 12, 15 and 17 of the General Data Protection Regulation were infringed.
The controller Vodafone România S.A. was sanctioned with a fine of 19,468.8 lei, the equivalent of 4,000 euros.
The sanction was imposed as a result of some complaints claiming that the controller did not respond to requests to exercise the rights of access and erasure provided by Article 15 and Article 17 of the General Data Protection Regulation.
During the investigation, Vodafone Romania S.A. could not prove the settlement of the requests for exercising the access and erasure rights within the deadline provided by Article 12 of the Regulation.
At the same time, a corrective measure to communicate a response to the petitioner to his requests regarding the measures adopted on their basis was applied to the controller.