ANSPDCP (Romania) - Prestige Media PHG SRL: Difference between revisions
m (→Facts) |
No edit summary |
||
(One intermediate revision by one other user not shown) | |||
Line 65: | Line 65: | ||
}} | }} | ||
The Romanian DPA fined a controller €5,000 for publishing | The Romanian DPA fined a controller €5,000 for publishing information regarding another company's employees on its website without a legal basis. | ||
== English Summary == | == English Summary == | ||
Line 75: | Line 75: | ||
=== Holding === | === Holding === | ||
The DPA held that the controller did not provide evidence of the fact that it lawfully processed the personal data of the 23 data subjects. As such, the DPA found that the controller violated the principle of lawfulness, fairness and transparency laid down in [[Article 5 GDPR#1a|Article 5(1)(a)]], the principle of accountability laid down in [[Article 5 GDPR#2|Article 5(2)]] and [[Article 6 GDPR|Article 6 GDPR]]. | The DPA held that the controller did not provide evidence of the fact that it lawfully processed the personal data of the 23 data subjects. As such, the DPA found that the controller violated the principle of lawfulness, fairness and transparency laid down in [[Article 5 GDPR#1a|Article 5(1)(a)]], the principle of accountability laid down in [[Article 5 GDPR#2|Article 5(2)]] and [[Article 6 GDPR|Article 6 GDPR]]. Therefore, the DPA fined the controller €5,000. The DPA also ordered the controller to remove all information that allowed the identification of the data subjects from the publications on its website. | ||
Therefore, the DPA fined the controller €5,000. The DPA also ordered the controller to remove all information that allowed the identification of the data subjects from the publications on its website. | |||
== Comment == | == Comment == |
Latest revision as of 13:28, 23 November 2022
ANSPDCP - Prestige Media PHG SRL | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 5(1)(a) GDPR Article 5(2) GDPR Article 6 GDPR |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | |
Published: | 08.11.2022 |
Fine: | 5,000 EUR |
Parties: | Prestige Media PHG SRL |
National Case Number/Name: | Prestige Media PHG SRL |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Romanian |
Original Source: | ANSPDCP (in RO) |
Initial Contributor: | Daniela Duta |
The Romanian DPA fined a controller €5,000 for publishing information regarding another company's employees on its website without a legal basis.
English Summary
Facts
A complaint was filed with the Romanian DPA, alleging that Prestige Media PHG SRL (the controller) published confidential documents, such as terminations of employment contracts of another company's employees (the data subjects) on its website. As a result, the DPA started an investigation into the controller.
During the investigation, the DPA confirmed that, indeed, 23 such documents were published on the controller's website. The publications contained the name, surname, position, employment contract number and disciplinary violations of these employees. The DPA also found that the data subjects had no legal relationship with the controller.
Holding
The DPA held that the controller did not provide evidence of the fact that it lawfully processed the personal data of the 23 data subjects. As such, the DPA found that the controller violated the principle of lawfulness, fairness and transparency laid down in Article 5(1)(a), the principle of accountability laid down in Article 5(2) and Article 6 GDPR. Therefore, the DPA fined the controller €5,000. The DPA also ordered the controller to remove all information that allowed the identification of the data subjects from the publications on its website.
Comment
The Romanian DPA rarely published full decisions. This summary is based on a press release of the Romanian DPA.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
08.11.2022 Fine for GDPR violation In October 2022, the National Supervisory Authority completed an investigation at SC Prestige Media PHG SRL and found a violation of the provisions of art. 5 para. (1) lit. a) and para. (2) and art. 6 of the General Data Protection Regulation (RGPD). In this context, SC Prestige Media PHG SRL was fined 24,683.5 lei (the equivalent of 5,000 EURO). The investigation was started as a result of a notification regarding a possible violation of the RGPD provisions by publishing on the operator's website some confidential documents, including decisions to terminate the individual employment contracts of some employees of another company. In the course of the investigation, it was found that 23 nominal termination decisions of individual mandate contracts/employment relationships containing personal data (name, surname, position, employment contract number, disciplinary violations) were displayed on that website. to many individuals, although they had no legal relationship with SC Prestige Media PHG SRL. It was also noted that the operator did not present evidence from which it could be concluded that he legally processed the personal data from the 23 documents in the context of unauthorized disclosure in the online environment, by publishing them on his website, according to the provisions of art. 6 of the GDPR. As such, the National Supervisory Authority found the violation by SC Prestige Media PHG SRL of the principles of personal data processing provided for in art. 5 para. (1) lit. a) and para. (2) and of art. 6 of the GDPR. At the same time, the operator was also applied the corrective measure of elimination/anonymization of the information that allows the identification of the persons concerned from the decisions to terminate the mandate contracts/employment reports published on its website. Legal and Communication Department A.N.S.P.D.C.P.