ANSPDCP (Romania) - Banca Comercială Română S.A.: Difference between revisions
No edit summary |
m (Ar moved page ANSPDCP - Banca Comercială Română S.A. to ANSPDCP (Romania) - Banca Comercială Română S.A.) |
Latest revision as of 15:16, 13 December 2023
| ANSPDCP - Banca Comercială Română S.A. | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 32(1) GDPR Article 32(2) GDPR Article 32(4) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | 14.04.2020 |
| Published: | |
| Fine: | 5,000 EUR |
| Parties: | Banca Comercială Română S.A. |
| National Case Number/Name: | Banca Comercială Română S.A. |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | n/a |
The Romanian DPA (ANSPDCP) fined Banca Comercială Română S.A. 5,000 € for failing to implement adequate technical and organisational measures when processing personal data of adults and minors.
English Summary
Facts
Following a complaint, the ANSPDCP initiated investigation against the Romanian Bank Banca Comercială Română.
Dispute
Holding
The ANSPDCP found that the Bank "has not implemented adequate technical and organizational measures to ensure a level of security appropriate to the risk of processing. At the same time, the controller has not taken measures to ensure that any natural person acting under his authority who has access to personal data only processes them at his request, unless this obligation is incumbent on him under the law. Union or national law.
Thus, it was found that there was a collection of copies of identity documents of individual customers (minors and legal representatives) through the personal phone of an employee of the operator, as well as transmissions of copies of these documents to the operator, through the Whatsapp application, in violation of the internal working procedure."
Comment
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
Sanction for violating the RGPD The National Supervisory Authority completed, on 14.04.2020, an investigation at the operator Banca Comercială Română S.A., finding the violation of the provisions regarding the security of processing, respectively art. 32 para. (4) in conjunction with art. 32 para. (1) and para. (2) of the General Data Protection Regulation. The operator Banca Comercială Română S.A. was sanctioned with a fine in the amount of 24,163.50 lei, the equivalent of the amount of 5000 EURO. The investigation was initiated following the receipt of a complaint, and during its conduct, the National Supervisory Authority found that Banca Comercială Română S.A. has not implemented adequate technical and organizational measures to ensure a level of security appropriate to the risk of processing. At the same time, the controller has not taken measures to ensure that any natural person acting under his authority who has access to personal data only processes them at his request, unless this obligation is incumbent on him under the law. Union or national law. Thus, it was found that there was a collection of copies of identity documents of individual customers (minors and legal representatives) through the personal phone of an employee of the operator, as well as transmissions of copies of these documents to the operator, through the Whatsapp application, in violation of the internal working procedure.
