ANSPDCP (Romania) - Realmedia Network SA: Difference between revisions

From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_...")
 
No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 63: Line 63:
}}
}}


The Romanian DPA fined a controller €8,000 for unauthorized disclosure or unauthorized access to personal data which led to a data security breach and impact 194,309 data subjects.
The Romanian DPA fined a controller operating a real estate platform €8,000 for a data breach which caused the unauthorized disclosures of 194,309 data subjects' personal data.


== English Summary ==
== English Summary ==


=== Facts ===
=== Facts ===
The Romanian DPA self-reported a possible data security breach at Realmedia Network SA. As part of the investigation, it was found that the data security  breach occurred at the level of a service used by the controller to operate the imobiliare.ro platform.  
Following informations received from the Internet, the Romanian DPA launched an ''ex officio'' investigation into Realmedia Network SA (the controller) for a possible data breach. The controller operates a real estate platform called ''imobiliare.ro'', where agencies and individuals can advertise their properties.  


This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles, profile images of users, which led to the impact of 194,309 data subjects.
The DPA's investigation revealed the unauthorized disclosure and access to the following personal data that was not supposed to be accessible: name, surname, telephone number, email address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles and user profile image. 194,309 data subjects were impacted.


=== Holding ===
=== Holding ===
In August 2022, the Romanian DPA completed an investigation at the controller Realmedia Network SA (imobiliare.ro) and  found a violation of the provisions of [[Article 32 GDPR#1b|Article 32(1)(b) GDPR]] and [[Article 32 GDPR#2|Article 32(2) GDPR]], consequently, the controller was fined €8,000 for not implementing adequate technical and organizational measures to ensure a security level according to the processing risk.
The DPA held that the controller violated [[Article 32 GDPR#1b|Articles 32(1)(b)]] and [[Article 32 GDPR#2|32(2) GDPR]] for not implementing adequate technical and organizational measures to ensure a security level according to the processing risk.
 
Consequently, the DPA fined the €8,000.


== Comment ==
== Comment ==
The Romanian DPA rarely published full decisions. This summary is based on a press release of the Romanian DPA.
''The Romanian DPA rarely published full decisions. This summary is based on their press release.''


== Further Resources ==
== Further Resources ==

Latest revision as of 18:55, 14 September 2022

ANSPDCP - Realmedia Network SA
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 32(1)(b) GDPR
Article 32(2) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 08.09.2022
Fine: 8,000 EUR
Parties: Realmedia Network SA
National Case Number/Name: Realmedia Network SA
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Daniela Duta

The Romanian DPA fined a controller operating a real estate platform €8,000 for a data breach which caused the unauthorized disclosures of 194,309 data subjects' personal data.

English Summary

Facts

Following informations received from the Internet, the Romanian DPA launched an ex officio investigation into Realmedia Network SA (the controller) for a possible data breach. The controller operates a real estate platform called imobiliare.ro, where agencies and individuals can advertise their properties.

The DPA's investigation revealed the unauthorized disclosure and access to the following personal data that was not supposed to be accessible: name, surname, telephone number, email address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles and user profile image. 194,309 data subjects were impacted.

Holding

The DPA held that the controller violated Articles 32(1)(b) and 32(2) GDPR for not implementing adequate technical and organizational measures to ensure a security level according to the processing risk.

Consequently, the DPA fined the €8,000.

Comment

The Romanian DPA rarely published full decisions. This summary is based on their press release.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

09/08/2022

A new penalty for breaching GDPR



In August of this year, the National Supervisory Authority completed an investigation at the operator Realmedia Network SA (imobiliare.ro) during which it found a violation of the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation.

As such, the company Realmedia Network SA was fined 39,272 lei, the equivalent of 8,000 EURO.

Following some information from the online environment, our institution self-notified about a possible personal data security breach that occurred at Realmedia Network SA.

As part of the investigation, it was found that the breach of data processing security occurred at the level of a service used by the operator to operate the imobiliare.ro platform.

This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes , function/quality, bank data, information included in land register extracts/cadastral drafts, property titles, user profile images, which led to the impact of a number of 194,309 targeted individuals.

Thus, the operator Realmedia Network SA was fined for violating the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation, as it did not implement adequate technical and organizational measures to ensure a level of security corresponding to the processing risk.

Legal and Communication Department

A.N.S.P.D.C.P.