ANSPDCP (Romania) - Realmedia Network SA
| ANSPDCP - Realmedia Network SA | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 32(1)(b) GDPR Article 32(2) GDPR |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | |
| Published: | 08.09.2022 |
| Fine: | 8,000 EUR |
| Parties: | Realmedia Network SA |
| National Case Number/Name: | Realmedia Network SA |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | Daniela Duta |
The Romanian DPA fined a controller €8,000 for unauthorized disclosure or unauthorized access to personal data which led to a data security breach and impact 194,309 data subjects.
English Summary
Facts
The Romanian DPA self-reported a possible data security breach at Realmedia Network SA. As part of the investigation, it was found that the data security breach occurred at the level of a service used by the controller to operate the imobiliare.ro platform.
This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles, profile images of users, which led to the impact of 194,309 data subjects.
Holding
In August 2022, the Romanian DPA completed an investigation at the controller Realmedia Network SA (imobiliare.ro) and found a violation of the provisions of Article 32(1)(b) GDPR and Article 32(2) GDPR, consequently, the controller was fined €8,000 for not implementing adequate technical and organizational measures to ensure a security level according to the processing risk.
Comment
The Romanian DPA rarely published full decisions. This summary is based on a press release of the Romanian DPA.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
09/08/2022 A new penalty for breaching GDPR In August of this year, the National Supervisory Authority completed an investigation at the operator Realmedia Network SA (imobiliare.ro) during which it found a violation of the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation. As such, the company Realmedia Network SA was fined 39,272 lei, the equivalent of 8,000 EURO. Following some information from the online environment, our institution self-notified about a possible personal data security breach that occurred at Realmedia Network SA. As part of the investigation, it was found that the breach of data processing security occurred at the level of a service used by the operator to operate the imobiliare.ro platform. This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes , function/quality, bank data, information included in land register extracts/cadastral drafts, property titles, user profile images, which led to the impact of a number of 194,309 targeted individuals. Thus, the operator Realmedia Network SA was fined for violating the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation, as it did not implement adequate technical and organizational measures to ensure a level of security corresponding to the processing risk. Legal and Communication Department A.N.S.P.D.C.P.
