ANSPDCP (Romania) - 31.01.2024: Difference between revisions
From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_Name=31.01.2024 |ECLI= |Original_Source_Name_1=Ro DPA |Original_Source_Link_1=https://www.dataprotection.ro/?page=Comunicat_Presa_31_01_2024&lang=ro |Original_Source_Language_1=Romanian |Original_Source_Language__Code_1=RO |Original_Source_Name_2= |Original_Source_Link_2= |Original_Source_Language_...") |
(Good summary! Please remember to mention the fine in euros and to cite the GDPR articles according to the guidelines) |
||
| Line 65: | Line 65: | ||
}} | }} | ||
The local municipality of 1st district, Bucharest, | The Romanian DPA sanctioned the local municipality of 1st district, Bucharest, €2,010.38 for the failure to comply with the requests of the DPA to provide information and obtain access to personal data and information necessary for performing its tasks, pursuant to [[Article 58 GDPR#1|Article 58(1)(a) and (e) GDPR]]. | ||
== English Summary == | == English Summary == | ||
=== Facts === | === Facts === | ||
The DPA initiated an investigation | The DPA initiated an investigation into the local municipality of the 1st district in Bucharest (the controller) after receiving several referrals alleging a possible infringement of the GDPR. | ||
The | |||
The notices regarded the financial incentives of the programme "Local measures to ensure energy needs and energy efficiency in households in Sector 1". By decisions of the Local Council, it was established how the inhabitants of Sector 1 could submit the necessary documents to benefit from the financial incentives of the programme: in physical format or via e-mail. However, the controller had made available also an online platform for data collection that had been purchased before the decision was approved by the Local Council. | |||
=== Holding === | === Holding === | ||
During the investigation | During the investigation, the controller failed to respond to the Romanian DPA's repeated requests for information in accordance with the provisions of [[Article 58 GDPR#1|Article 58(1)(a) and (e) GDPR]], which led to the DPA issuing a warning to the controller. At the same time, the DPA ordered the controller a remedial measure, namely, to provide all the requested information to the DPA. | ||
Since the | Since the controller did not carry out the measures under the remediation plan within the deadline set by the authority, as the controller did not reply to the DPA request to provide the relevant documents and information, the latter imposed a fine of €2,010.38 for the failure to comply with the provisions of [[Article 58 GDPR#1|Article 58(1)(a) and (e) GDPR]]. | ||
At the same time, during the investigation, in accordance with | |||
At the same time, during the investigation, in accordance with [[Article 58 GDPR#2d|Article 58(2)(d) GDPR]], the DPA also imposed on the controller the corrective measure to provide and communicate all the requested information, necessary to assess the aspects subject of the investigation. | |||
== Comment == | == Comment == | ||
Latest revision as of 16:14, 14 February 2024
| ANSPDCP - 31.01.2024 | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 58(1)(a) GDPR Article 58(1)(e) GDPR Article 58(2)(d) GDPR Law 190/2018 |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | |
| Published: | 16.07.2036 |
| Fine: | 10,000 RON |
| Parties: | n/a |
| National Case Number/Name: | 31.01.2024 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Romanian |
| Original Source: | Ro DPA (in RO) |
| Initial Contributor: | maxinescu |
The Romanian DPA sanctioned the local municipality of 1st district, Bucharest, €2,010.38 for the failure to comply with the requests of the DPA to provide information and obtain access to personal data and information necessary for performing its tasks, pursuant to Article 58(1)(a) and (e) GDPR.
English Summary
Facts
The DPA initiated an investigation into the local municipality of the 1st district in Bucharest (the controller) after receiving several referrals alleging a possible infringement of the GDPR.
The notices regarded the financial incentives of the programme "Local measures to ensure energy needs and energy efficiency in households in Sector 1". By decisions of the Local Council, it was established how the inhabitants of Sector 1 could submit the necessary documents to benefit from the financial incentives of the programme: in physical format or via e-mail. However, the controller had made available also an online platform for data collection that had been purchased before the decision was approved by the Local Council.
Holding
During the investigation, the controller failed to respond to the Romanian DPA's repeated requests for information in accordance with the provisions of Article 58(1)(a) and (e) GDPR, which led to the DPA issuing a warning to the controller. At the same time, the DPA ordered the controller a remedial measure, namely, to provide all the requested information to the DPA.
Since the controller did not carry out the measures under the remediation plan within the deadline set by the authority, as the controller did not reply to the DPA request to provide the relevant documents and information, the latter imposed a fine of €2,010.38 for the failure to comply with the provisions of Article 58(1)(a) and (e) GDPR.
At the same time, during the investigation, in accordance with Article 58(2)(d) GDPR, the DPA also imposed on the controller the corrective measure to provide and communicate all the requested information, necessary to assess the aspects subject of the investigation.
Comment
Unfortunately, the Romanian DPA does not publish its full decisions.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
31.01.2024 Penalty for GDPR violation The National Supervisory Authority for the Processing of Personal Data completed in December 2023 an investigation at the operator Sector 1 of the Municipality of Bucharest and found a violation of the provisions of art. 58 para. (1) lit. a) and e) from Regulation (EU) no. 2016/679 and art. 14 para. (5) lit. e) from Law no. 190/2018. As such, the operator was penalized with a fine of 10,000 lei. The investigation was started as a result of notifications that claimed a possible violation of the provisions of Regulation (EU) no. 2016/679. Thus, the operator of Sector 1 of the Municipality of Bucharest, through the decisions of the Local Council, established the way in which the inhabitants of Sector 1 can submit the necessary documents to benefit from the financial incentives of the program "Local measures aimed at ensuring energy needs and improving the efficiency of energy consumption in households from Sector 1", respectively in physical format or on an e-mail address, established strictly for the purpose of implementing the program. However, Sector 1 of the Municipality of Bucharest made available to the beneficiaries an online platform, https://ticheteanticriza.primarias1.ro, for data collection, purchased before the draft decision was debated and approved by the Local Council. During the investigation, the operator did not respond to the repeated requests for information sent by the National Authority for the Supervision of Personal Data Processing. Therefore, as the operator did not provide the information requested by our institution, considering the operator's status as a public institution according to the provisions of Law no. 190/2018, he was sanctioned with a warning. At the same time, it was ordered to apply a remedial measure consisting in the provision/communication of all the requested information. Since the operator of Sector 1 of the Municipality of Bucharest did not carry out the previously ordered measure through a remedial plan, within the deadline set by the authority, the investigation continued. Considering that the operator did not prove the fulfillment of the ordered remedial measure, the National Supervisory Authority for the Processing of Personal Data fined Sector 1 of the Municipality of Bucharest for violating the provisions of art. 58 para. (1) lit. a) and lit. e) from Regulation (EU) no. 2016/679 and art. 14 para. (5) lit. e) from Law no. 190/2018. At the same time, during the investigation, in accordance with the provisions of art. 58 para. (2) lit. d) from Regulation (EU) no. 2016/679, the National Supervisory Authority for the Processing of Personal Data applied to the operator the corrective measure to provide/communicate all the requested information, necessary for the resolution of the reported issues. Legal and Communication Department A.N.S.P.D.C.P.
