Administrative fine of € 856 000 imposed by the Finnish Data Protection Authority on Verkkokokauppa.com for failure to define the storage period of customer data
The National Center for Personal Data Protection (NCPDP), for information and enforcement purposes, communicates about the administrative fine of € 856 000 imposed by the Finnish Data Protection Authority (SA) on Verkkokauppa.com for breach of Article 5 (Principles relating to processing of personal data) and Article 25 (Data protection by design and by default) of the GDPR.
The Finnish SA investigated the activities of online retailer Verkkokauppa.com following a complaint from a customer. The controller had asked the customer to register as a customer before shopping online. Shopping in the online shop was not possible without creating a customer account.
The investigations found that the controller did not specify the storage period of the data collected for the customer accounts in its online shop and that they were stored indefinitely. Furthermore, the controller’s practice of requiring the creation of a customer account in order to make online purchases violated data protection legislation. The creation of a customer account or the storage of personal data resulting from such creation may not be a mandatory requirement to make individual purchases online.
In this context, the Finnish SA has imposed an administrative fine of € 856 000 on the controller for failing to define the storage period for personal data relating to customer accounts. The controller was required to specify an appropriate storage period for customer account data and to rectify its mandatory registration practice. Verkkokauppa.com was also reprimanded for practices in breach of data protection legislation.
The NCPDP as the national supervisory authority for the processing of personal data emphasizes the responsibility of data controllers to comply with the provisions of the legal framework for the protection of personal data and to ensure that personal data processing operations comply with the applicable legislation.