ANSPDCP (Romania) - Sanatatea Press Group S.R.L.: Difference between revisions
mNo edit summary |
m (Ar moved page ANSPDCP - Sanatatea Press Group S.R.L. to ANSPDCP (Romania) - Sanatatea Press Group S.R.L.) |
Latest revision as of 15:20, 13 December 2023
ANSPDCP - | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 5(1)(f) GDPR Article 32(1) GDPR Article 32(2) GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | 12.08.2020 |
Published: | 08.09.2020 |
Fine: | 2000 EUR |
Parties: | Sanatatea Press Group S.R.L. |
National Case Number/Name: | |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | Romanian |
Original Source: | ANSPDCP - Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (in RO) |
Initial Contributor: | n/a |
The Romanian DPA fined a data controller €2000 for transmitting the login data of 1300 data subjects to incorrect email addresses.
English Summary
Facts
In the context of an online event that it was organising, the data controller erroneously sent the login data of 1300 participants to other email addresses than the ones that the users had created their accounts with. The data breach led to the unauthorised disclosure of the names and email addresses of the data subjects.
Dispute
The data controller notified the ANSPDCP of the data breach, which triggered the DPA's investigation. Therefore, there was no dispute with regards to the presence of a security incident.
Holding
The DPA held that the controller had breached its obligations under Articles 5(1)(f), as well as 32(1) and (2). As a consequence, the ANSPDCP issued an administrative fine of €2000 against Sanatatea Press Group S.R.L.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
On 12.08.2020, the National Supervisory Authority completed an investigation at the operator Sanatatea Press Group SRL and found the violation of the personal data security measures established by the provisions of art. 32 para. (1) and (2) in conjunction with art. 5 para. (1) lit. f) of the General Regulation on Data Protection. The operator Sanatatea Press Group SRL was sanctioned with a fine of 9,671.40 lei, the equivalent of 2,000 EURO. The investigation was initiated following the submission by the controller of a notification of a personal data breach. The breach of data security consisted in the fact that, during the organization of an online event by Sanatatea Press Group SRL, the login data of some persons were erroneously transmitted to other e-mail addresses than those with which they had created an account on the platform. operator electronics. This situation led to the disclosure and unauthorized access to the data of other participants in the event (e-mail addresses, usernames), with effects for a number of 1300 users of the operator's platform. In this context, we specify that according to art. 5 para. (1) lit. f) of the General Data Protection Regulation, the controller has the obligation to process the data “in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures ("integrity and confidentiality"). A.N.S.P.D.C.P.