ANSPDCP (Romania) - Fine against World Class Romania S.A.
ANSPDCP (Romania) - Fine against World Class Romania S.A. | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 32 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 07.05.2021 |
Fine: | 9851 RON |
Parties: | World Class România S.A. |
National Case Number/Name: | Fine against World Class Romania S.A. |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Romanian |
Original Source: | ANSPDCP (in RO) |
Initial Contributor: | Diana Rosu |
A data controller was fined 9 851 RON (approximately 2 000 EUR) for breaching article 32 of the GDPR after it made available the resignation request of a former employee on the employees' WhatsApp group.
English Summary
Facts
The controller World Class Romania S.A. made available a resignation request of a former employee on the employees' WhatsApp group.
Dispute
Holding
The Romanian DPA held that the controller did not implement appropriate technical and organisational measures to ensure an appropriate level of data confidentiality, considering that all the members of the WhatsApp group had access to the personal data included in the resignation request.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority completed, in April 2021, an investigation of the controller World Class Romania S.A., finding the violation of the provisions of art. 32 of the General Data Protection Regulation. As such, the controller World Class Romania S.A. was sanctioned with a fine in the amount of 9,851.00 RON (the equivalent of 2000 EUR). The investigation was initiated following a notification and the National Supervisory Authority found that the controller World Class Romania S.A. posted on the WhatsApp group of its employees a resignation request of one of its employees, thus allowing unauthorized access of all members of that WhatsApp group to certain personal data (name, surname, address, personal number and identity card, code personal information, information related to the request for termination of employment). In this context, the National Supervisory Authority considered that the controller World Class Romania S.A. did not take sufficient technical and organizational measures to ensure the confidentiality of the data subject's personal data. A corrective measure was also applied to the controller World Class Romania S.A. Thus, within 30 days from the communication date, the controller was ordered to ensure compliance with the General Data Protection Regulation, personal data processing operations, by implementing appropriate technical and organizational measures in case of remote transmission of personal data, including in terms of regular employee training.