ANSPDCP (Romania) - Qualitance QBS SA: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_...") |
m (Ar moved page ANSPDCP - Qualitance QBS SA to ANSPDCP (Romania) - Qualitance QBS SA) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 49: | Line 49: | ||
The Romanian DPA (ANSPDCP) imposed a €1000 fine on Qualitance QBS SA for disclosing 295 e-mail addresses to other recipients. | The Romanian DPA (ANSPDCP) imposed a €1000 fine on Qualitance QBS SA for disclosing 295 e-mail addresses to other recipients. | ||
==English Summary== | |||
===Facts=== | |||
=== Facts === | |||
The Romanian DPA (ANSPDCP) received many complaints regarding the fact that the controller sent information by e-mail to 295 persons revealing the e-mail addresses of the other recipients. The data subjects were candidates who provided their personal data for recruitment on the operator's website or through online applications. | The Romanian DPA (ANSPDCP) received many complaints regarding the fact that the controller sent information by e-mail to 295 persons revealing the e-mail addresses of the other recipients. The data subjects were candidates who provided their personal data for recruitment on the operator's website or through online applications. | ||
===Dispute=== | |||
=== Dispute === | |||
Does sending information by e-mail to a group of persons and revealing the e-mail addresses of the other recipients lead to a violation of the GDPR? | Does sending information by e-mail to a group of persons and revealing the e-mail addresses of the other recipients lead to a violation of the GDPR? | ||
=== Holding === | ===Holding=== | ||
The ANSPDCP found that the controller did not implement sufficient security measures to ensure the confidentiality of the personal data of data subjects, which led to the disclosure of e-mail addresses belonging to a number of 295 persons to other recipients, breaching the provisions of Article 32 GDPR. | The ANSPDCP found that the controller did not implement sufficient security measures to ensure the confidentiality of the personal data of data subjects, which led to the disclosure of e-mail addresses belonging to a number of 295 persons to other recipients, breaching the provisions of Article 32 GDPR. | ||
== Comment == | In addition to the applied fine of €1000, the Romanian DPA applied the corrective measure of implementing appropriate technical and organizational measures in the case of remote transmission of personal data, including regular training of the persons that process personal data under the controller's authority (employees or collaborators). | ||
==Comment== | |||
''Share your comments here!'' | ''Share your comments here!'' | ||
== Further Resources == | ==Further Resources== | ||
''Share blogs or news articles here!'' | ''Share blogs or news articles here!'' | ||
== English Machine Translation of the Decision == | ==English Machine Translation of the Decision== | ||
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. | The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. | ||
Latest revision as of 15:20, 13 December 2023
ANSPDCP - Qualitance QBS SA | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 32 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 29.12.2020 |
Fine: | 1000 EUR |
Parties: | Qualitance QBS SA |
National Case Number/Name: | Qualitance QBS SA |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Romanian |
Original Source: | ANSPDCP (in RO) |
Initial Contributor: | Stefan Musat |
The Romanian DPA (ANSPDCP) imposed a €1000 fine on Qualitance QBS SA for disclosing 295 e-mail addresses to other recipients.
English Summary
Facts
The Romanian DPA (ANSPDCP) received many complaints regarding the fact that the controller sent information by e-mail to 295 persons revealing the e-mail addresses of the other recipients. The data subjects were candidates who provided their personal data for recruitment on the operator's website or through online applications.
Dispute
Does sending information by e-mail to a group of persons and revealing the e-mail addresses of the other recipients lead to a violation of the GDPR?
Holding
The ANSPDCP found that the controller did not implement sufficient security measures to ensure the confidentiality of the personal data of data subjects, which led to the disclosure of e-mail addresses belonging to a number of 295 persons to other recipients, breaching the provisions of Article 32 GDPR.
In addition to the applied fine of €1000, the Romanian DPA applied the corrective measure of implementing appropriate technical and organizational measures in the case of remote transmission of personal data, including regular training of the persons that process personal data under the controller's authority (employees or collaborators).
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority completed an investigation at the operator Qualitance QBS SA and found the violation of the provisions of art. 32 of the General Data Protection Regulation. The operator Qualitance QBS SA was sanctioned with a fine in the amount of 4,867.50 lei (equivalent to 1,000 EURO). The investigation was initiated following the receipt of complaints claiming that the operator had sent an e-mail to 295 persons (candidates who provided their personal data for recruitment on the operator's website or through online applications line), thus revealing the e-mail addresses of the other recipients. During the investigation, the National Supervisory Authority found that the operator did not implement sufficient security measures to ensure the confidentiality of the personal data of data subjects, which led to the disclosure of e-mail addresses belonging to 295 persons to other recipients, contrary to the obligations provided by art. 32 of the RGPD. In this sense, art. 32 also stipulates the obligation of the operator to implement appropriate technical and organizational measures, including the ability to ensure the confidentiality, integrity, availability and ongoing resilience of processing systems and services. Qualitance QBS SA was also applied the corrective measure to ensure the compliance of personal data processing operations with the General Data Protection Regulation, by implementing appropriate technical and organizational measures in case of remote transmission of personal data, including regular training of data controllers under its authority (employees or collaborators). Legal and Communication Department ANSPDCP