ANSPDCP (Romania) - Natural Person
| ANSPDCP - ANSPDCP - Natural Person | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 5(1)(a) GDPR Article 5(1)(f) GDPR Article 6(1)(a) GDPR Article 58(1)(a) GDPR Article 58(1)(e) GDPR Article 83(5)(e) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | |
| Published: | 03.10.2022 |
| Fine: | 150 EUR |
| Parties: | ANSPDCP - Natural Person |
| National Case Number/Name: | ANSPDCP - Natural Person |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | Daniela Duta |
The Romanian DPA fined a natural person as a controller, owner of a website, €150 for publishing the personal data of 383 data subjects on the website.
English Summary
Facts
The Romanian DPA (ANSPDCP) started an investigation after receiving a complaint against a natural person, owner of a website. The controller operates the website https://centralpoint.ro/afisare-bd-general/ and he had published on this website a series of personal data, such as: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This unauthorized disclosure constitutes a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR.
Holding
The Romanian DPA (ANSPDCP) completed an investigation of a natural person, as a controller, during which it found a violation of some provisions of the General Data Protection Regulation. As such, the respective controller was sanctioned as a contravention, as follows: - with a fine of €100 for violating the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR; - with a fine of €50 for violating Article 58(1)(a) GDPR, Article 58(1)(e) GDPR, Article 83(5)(e) GDPR. Consequently, the DPA fined the €150.
Comment
The Romanian DPA rarely published full decisions. This summary is based on their press release.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
03.10.2022 Fine for GDPR violation The National Supervisory Authority completed an investigation of a natural person, as an operator, during which it found a violation of some provisions of the General Data Protection Regulation. As such, the respective operator was sanctioned as a contravention, as follows: - with a fine of 493.91 lei (the equivalent of 100 EURO), for violating the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Regulation on Data Protection; - with a fine of 246,955 lei (the equivalent of 50 EURO), for violating art. 58 para. (1) lit. a) and lit. e) and art. 83 para. (5) lit. e) from the General Regulation on Data Protection. The investigation was started as a result of receiving a notification through which a possible violation of the processing security by the website https://centralpoint.ro/afisare-bd-general/ was complained. During the investigation, the National Supervisory Authority found that the individual in question was the owner of the website https://centralpoint.ro/afisare-bd-general/ and that he had published on this website a series of personal data, such as be: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This situation led to an unauthorized disclosure, which constitutes a violation of the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Data Protection Regulation Legal and Communication Department A.N.S.P.D.C.P.
