ANSPDCP (Romania) - 19.04.2023
Revision as of 11:47, 2 May 2023
ANSPDCP - 19.04.2023 | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 5(1)(a) GDPR; Article 5(1)(b) GDPR; Article 6 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 19.04.2023 |
Fine: | 3000 EUR |
Parties: | Salvati Romania Union Party (USR) |
National Case Number/Name: | 19.04.2023 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Romanian |
Original Source: | ANSPDCP (in RO) |
Initial Contributor: | Marta.Tudor |
Salvati Romania Union Party (USR) was fined €3,000 for violations of Article 5(1)(a), Article 5(1)(b) and Article 6 GDPR.
English Summary
Facts
The Romanian Ombudsman forwarded to the Romanian DPA several notifications it had received. These complained that Salvati Romania Union Party (in Romanian: Partidul Salvati Romania - USR), the controller, had published on its website personal data belonging to several data subjects. These data included the data subjects' degrees of medical disability.
Following these notifications, the Romanian DPA started an investigation. It revealed that the data controller had collected the personal data, i.e. name, surname, personal numerical code, address, identity card series and number, medical expertise certificate number and degree of disability, from the official documents of authorities and public institutions, and had later published them on the party's website as part of a project.
Holding
The Romanian DPA found that the data controller could not rely on any legal basis for the processing at stake. It therefore violated the provisions of Article 5(1)(a) and (b) in conjunction with Article 6 GDPR.
As such, the data controller was fined 14,776.50 RON (the equivalent of €3,000).
The Romanian DPA also ordered the controller to anonymize the data published on its website.
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
19.04.2023
Penalty for GDPR violation
In March of this year, the National Supervisory Authority completed an investigation at the operator Union Save Romania Party and found a violation of the provisions of art. 5 para. (1) lit. a) and b) in conjunction with art. 6 of the General Data Protection Regulation (RGPD).
As such, the Save Romania Union Party (USR) was fined 14,776.50 lei (the equivalent of 3,000 EURO).
The sanction was applied as a result of notifications, forwarded by the People's Advocate institution, complaining that personal data belonging to people with different degrees of disability were posted on the website of the Union Save Romania Party.
During the investigation carried out, it was found that the operator took personal data of some concerned persons, i.e. name, surname, CNP, address, series and identity card number, medical expertise certificate number, degree of disability, from the official documents of authorities and public institutions, posted on their websites, later publishing them on the party's website, as part of a USR project, in violation of the principles of processing, without having a legal basis for that processing.
At the same time, the corrective measure was also applied to the operator to ensure compliance with the principles of the RGPD when carrying out personal data processing operations, by reanalyzing the documentation published on the website hcl.usr.ro, which contains the decisions, provisions and minutes issued by local public authorities, in order to anonymize personal data.
Legal and Communication Department
A.N.S.P.D.C.P.