ANSPDCP (Romania) - Natural Person: Difference between revisions

From GDPRhub
Latest revision as of 14:47, 5 October 2022

ANSPDCP - Natural Person
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(a) GDPR
Article 5(1)(f) GDPR
Article 6(1)(a) GDPR
Article 58(1)(a) GDPR
Article 58(1)(e) GDPR
Article 83(5)(e) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided:
Published: 03.10.2022
Fine: 150 EUR
Parties: ANSPDCP - Natural Person
National Case Number/Name: Natural Person
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Daniela Duta

The Romanian DPA fined a natural person €150 for publishing personal data of 383 data subjects on their website without a legal basis under Article 6 GDPR and in violation of Article 5(1)(a) and (f) GDPR.

English Summary

Facts

The Romanian DPA started an investigation after receiving a complaint against a natural person (the controller), who operated the website https://centralpoint.ro/afisare-bd-general/.

During its investigation, the DPA found that the controller had published the personal data of 383 data subjects on the website. This included their CNP (personal identification number), phone number, ID series and number, e-mail address, bank details (real estate purchases) and marital status.

Holding

The DPA held that the publication of the personal data constituted a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR and Article 6(1)(a) GDPR. As such, the DPA imposed a fine on the controller of €100 (for violating the provisions of Article 5(1)(a), 5(1)(f), and Article 6(1)(a) GDPR) and €50 (for violating Article 58(1)(a), 58(1)(e) and Article 83(5)(e) GDPR).

Thus, the DPA fined the controller €150 in total.

Comment

The Romanian DPA rarely published full decisions. This summary is based on their press release.

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

03.10.2022

Fine for GDPR violation



The National Supervisory Authority completed an investigation of a natural person, as an operator, during which it found a violation of some provisions of the General Data Protection Regulation.

As such, the respective operator was sanctioned as a contravention, as follows:

- with a fine of 493.91 lei (the equivalent of 100 EURO), for violating the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Regulation on Data Protection;

- with a fine of 246,955 lei (the equivalent of 50 EURO), for violating art. 58 para. (1) lit. a) and lit. e) and art. 83 para. (5) lit. e) from the General Regulation on Data Protection.

The investigation was started after receiving a notification complaining of a possible violation of processing security by the website https://centralpoint.ro/afisare-bd-general/.

During the investigation, the National Supervisory Authority found that the individual in question was the owner of the website https://centralpoint.ro/afisare-bd-general/ and that he had published on this website a series of personal data, such as: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This situation led to an unauthorized disclosure, which constitutes a violation of the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Data Protection Regulation.

Legal and Communication Department

A.N.S.P.D.C.P.