ANSPDCP (Romania) - SC CNTAR TAROM SA: Difference between revisions
Isabel Hahn (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_...") |
m (Ar moved page ANSPDCP - SC CNTAR TAROM SA to ANSPDCP (Romania) - SC CNTAR TAROM SA) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 18: | Line 18: | ||
|Outcome=Violation Found | |Outcome=Violation Found | ||
|Date_Decided=06.07.2020 | |Date_Decided=06.07.2020 | ||
|Date_Published= | |Date_Published=27.07.2020 | ||
|Year=2020 | |Year=2020 | ||
|Fine= | |Fine=24182.50 | ||
|Currency=RON | |Currency=RON | ||
Line 50: | Line 50: | ||
Weak technical and organizational security measures at Tarom led to the unauthorized access and disclosure of the personal data belonging to five passengers. The National Supervisory Authority imposed a fine of 24,182.50 lei (approx. 5,000 Euros). | Weak technical and organizational security measures at Tarom led to the unauthorized access and disclosure of the personal data belonging to five passengers. The National Supervisory Authority imposed a fine of 24,182.50 lei (approx. 5,000 Euros). | ||
== English Summary == | ==English Summary== | ||
=== Facts === | ===Facts=== | ||
The National Supervisory Authority conducted an investigation into Tarom's security measures and found that Tarom had not implemented adequate technical and organizational measures to protect the personal data of its passengers. This led to the unauthorized access and disclosure of data belonging to five of Tarom's passengers. | The National Supervisory Authority conducted an investigation into Tarom's security measures and found that Tarom had not implemented adequate technical and organizational measures to protect the personal data of its passengers. This led to the unauthorized access and disclosure of data belonging to five of Tarom's passengers. | ||
=== Dispute === | ===Dispute=== | ||
Whether there had been a violation of GDPR Art.32 (security of processing). | Whether there had been a violation of GDPR Art.32 (security of processing). | ||
=== Holding === | ===Holding=== | ||
Tarom was fined 24,182.50 lei (approx. 5,000 Euros). Tarom was required to take corrective measures, such as undertaking risk assessment procedures, reviewing and updating their security, and training its employees. | Tarom was fined 24,182.50 lei (approx. 5,000 Euros). Tarom was required to take corrective measures, such as undertaking risk assessment procedures, reviewing and updating their security, and training its employees. | ||
== Comment == | ==Comment== | ||
''Share your comments here!'' | ''Share your comments here!'' | ||
== Further Resources == | ==Further Resources== | ||
''Share blogs or news articles here!'' | ''Share blogs or news articles here!'' | ||
== English Machine Translation of the Decision == | ==English Machine Translation of the Decision== | ||
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. | The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. | ||
Latest revision as of 15:21, 13 December 2023
ANSPDCP - SC CNTAR TAROM SA | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 32 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | 06.07.2020 |
Published: | 27.07.2020 |
Fine: | 24182.50 RON |
Parties: | SC Cntar Tarom SA |
National Case Number/Name: | SC CNTAR TAROM SA |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | Romanian |
Original Source: | ANSPDCP (in RO) |
Initial Contributor: | Isabel Hahn |
Weak technical and organizational security measures at Tarom led to the unauthorized access and disclosure of the personal data belonging to five passengers. The National Supervisory Authority imposed a fine of 24,182.50 lei (approx. 5,000 Euros).
English Summary
Facts
The National Supervisory Authority conducted an investigation into Tarom's security measures and found that Tarom had not implemented adequate technical and organizational measures to protect the personal data of its passengers. This led to the unauthorized access and disclosure of data belonging to five of Tarom's passengers.
Dispute
Whether there had been a violation of GDPR Art.32 (security of processing).
Holding
Tarom was fined 24,182.50 lei (approx. 5,000 Euros). Tarom was required to take corrective measures, such as undertaking risk assessment procedures, reviewing and updating their security, and training its employees.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority completed on 06.07.2020 an investigation at the operator SC CNTAR TAROM SA, as a result of the transmission by the operator of a notification regarding the violation of personal data security, finding the violation of the provisions of art. 32 para. (4), art. 32 para. (1) lit. b) and par. (2) of the General Regulation on Data Protection, which led to the application of a fine in the amount of 24,182.50 lei, the equivalent of 5,000 EURO. The breach of data security consisted in the fact that the controller did not implement adequate technical and organizational measures to ensure that any natural person acting under the authority of the controller and who has access to personal data only processes them at the request of the controller. led to the loss of confidentiality of personal data through unauthorized access to data belonging to a number of five (5) TAROM passengers, as well as to the unauthorized disclosure of their data. The corrective measure was also applied to the operator to review and update the technical and organizational measures implemented as a result of the risk assessment for the rights and freedoms of individuals, including working procedures on personal data protection, and the implementation of measures. on the regular training of persons acting under its authority (employees).