(022) 820 801 centru@datepersonale.md
DP header logo
img mobile menu img close mobile menu
ROENРу
ico search toggle
datepersonale.md
/
Comunicate
/
Fines applied by Romanian National Supervisory Authority For Personal Data Processing

Fines applied by Romanian National Supervisory Authority For Personal Data Processing

img 602 Views

The National Center for Personal Data Protection, for information and application purposes, communicates about a series of fines applied by Romanian National Supervisory Authority for Personal Data Processing for violating the provisions of General Data Protection Regulation (GDPR).

–  An economic agent was fined with 15 000 EUR for violating the security of personal data. On the Facebook page on which the controller conducted an online contest to attract customers participating in the car service, was posted a document with a screenshot of the source code of the website which included the access password to the forms completed by the contest participants.

This situation created the possibility of viewing and unauthorized access to personal data of a number of 436 customers of the controller, through its website and the unauthorized disclosure of such data, contrary to the provisions of art. 32 of  GDPR.

–    At the same time, a banking institution was fined with 5 000 EUR for collecting copies of customers’ ID card through an employee’s personal phone.

The investigation was initiated following a complaint and during its conduct, the Romanian National Supervisory Authority for Personal Data Processing found that the banking institution did not implement technical and organizational measures to ensure an adequate level of security appropriate to the risk of processing. The controller did not take steps to ensure that any natural person acting under his authority who has access to personal data does not process them except on instructions from the controller, unless this obligation is required by Union or Member State law.

Moreover, the banking institution should have implemented some technical measures so as to ensure the confidentiality of personal data and strictly authorized access to data transmitted by its customers.

The non-compliance with the requirements aforementioned, has led to the infringement of GDPR and the sanctioning of the controller concerned with 5 000 EUR.

img
Curs de instruire în domeniul protecției datelor cu caracter personal organizat pentru reprezentanții Agenției de Administrare a Instanțelor Judecătorești

   La data de 29 septembrie 2023, Centrul Național pentru Protecția Datelor cu Caracter Personal (CNPDCP) a organizat un curs de instruire cu genericul „Evaluarea, prin prisma sistemului de control intern managerial existent, funcționalitatea procesului de prelucrare a datelor cu caracter personal în cadrul judecătoriilor și curților de apel” pentru angajații Agenției de Administrare a […]

img 21 Views
img
Asigurarea protecției datelor cu caracter personal în activitatea Centrului Național Anticorupție

   La data de 28 septembrie 2023, Centrul Național pentru Protecția Datelor cu Caracter Personal (CNPDCP) a organizat un curs de instruire cu genericul „Asigurarea protecției datelor cu caracter personal în activitatea Centrului Național Anticorupție” pentru angajații Centrului Național Anticorupție (CNA), la solicitatea acestora.    Scopul cursului de instruire a fost de a spori gradul […]

img 45 Views
img Video gallery
img Information