Home » Fine_for_the_infringement_of_the_GDPR
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

Fine for the infringement of the GDPR

 

The National Supervisory Authority has finalized, on the 18th of November 2019, an investigation with the controller Royal President S.R.L., ascertaining the following:

  • the infringement of the provisions of Article 12 paragraphs (3) and (4) and of Article 15 of the General Data Protection Regulation;
  • the infringement of Article 5 paragraph (1) letter f) and Article 32 paragraph (1) of Regulation (EU) 2016/679.

The controller Royal President S.R.L. was sanctioned with a reprimand for violation of the provisions of Article 15 and Article 12 paragraphs (3) and (4) of Regulation (EU) 2016/679 and with a fine in the amount of 11,932.25 lei, the equivalent of 2500 Euros for infringing Article 5 paragraph (1) letter f) and Article 32 paragraph (1) letter b) of Regulation (EU) 2016/679.

The sanctions were applied following a complaint alleging that Royal President S.R.L. refused to handle a request for exercising the right of access provided by Article 15 of the General Data Protection Regulation, as well as the fact that it disclosed personal data without the consent of the data subject.

During the investigation, the controller Royal President S.R.L. could not prove the handling of the request for the exercise of the right of access within the time limit provided by Article 12 paragraph (3) of Regulation (EU) 2016/679.

It was also found that the personal data collected through the accommodation form were not processed in a way that would ensure their security, by taking appropriate technical or organisational measures, in order to prevent any unauthorised disclosure thus infringing the provisions of Article 5 paragraph (1) letter f), of Article 32 paragraph (1) letter b) and of Article 32 paragraph (2) of Regulation (EU) 2016/679.

At the same time, a corrective measure was applied to the controller, which consisted in the elaboration and implementation of an internal procedure regarding the protection of personal data of the beneficiaries of the accommodation services, by reference to the provisions of Article 32 of Regulation (EU) 2016/679.

 

A.N.S.P.D.C.P.