ANSPDCP (Romania) - Fine against Blackcab Systems SRL

From GDPRhub
Revision as of 13:14, 11 November 2024 by Fb (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_Name=Fine against Blackcab Systems SRL |ECLI= |Original_Source_Name_1=ANSPDCP |Original_Source_Link_1=https://www.dataprotection.ro/?page=Comunicat_Presa_04_11_2024&lang=ro |Original_Source_Language_1=Romanian |Original_Source_Language__Code_1=RO |Original_Source_Name_2= |Original_Source_Link_2= |O...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ANSPDCP - Fine against Blackcab Systems SRL
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 12(3) GDPR
Article 15(1) GDPR
Article 15(3) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided:
Published: 04.11.2024
Fine: 4,975.90 RON
Parties: Blackcab Systems SRL
National Case Number/Name: Fine against Blackcab Systems SRL
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: fb

The DPA fined a taxi company RON 4,975.90 (€1,000) after it did not on a data subject's access request within the time limits provided for by Article 12(3) GDPR.

English Summary

Facts

The controller is a company providing taxi services. After using the controller's services, the data subject filed an access request with the controller.

The controller did not reply within the time limits provided for by Article 12(3) GDPR.

Therefore, the data subject filed a complaint with the DPA.

Holding

The DPA noted that the controller did not reply to the data subject's access request or, at least, could not prove it had done so.

Therefore, the DPA found a violation of Article 12(3) GDPR in combination with Article 15(1) and 15(3) GDPR.

On these grounds, the DPA issued a fine of RON 4,975.90 (€1,000).

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

04.11.2024

Penalty for GDPR violation

 

The National Supervisory Authority for the Processing of Personal Data completed in October 2024 an investigation at the operator Blackcab Systems SRL and found a violation of the provisions of art. 12 para. (3) and art. 15 para. (1) and (3) related to the provisions of art. 83 para. (5) lit. b) from Regulation (EU) 2016/679.

As such, the operator was penalized with a fine of 4,975.9 lei (the equivalent of 1,000 EURO).

The investigation was started as a result of a complaint submitted by a natural person who reported a possible violation of Regulation (EU) 2016/679.

The data subject, a client of the operator, addressed to him with a request regarding the right of access and requested a copy of his personal data.

During the investigation, it was found that the operator Blackcab Systems SRL did not prove that it responded to the petitioner's request, thus violating the provisions of art. 12 para. (3) and art. 15 para. (1) and (3) of Regulation (EU) 2016/679.

Also, pursuant to art. 58 para. (2) lit. c) from Regulation (EU) 679/2016, the corrective measure consisting in taking the necessary measures to respect the rights of the data subjects provided by the Regulation and the communication of a response to the request of the data subject, through which he exercised his right of access, including the transmission copy of his data, according to art. 15 para. (1) and (3) of Regulation (EU) 2016/679.

 

Legal and Communication Department 

A.N.S.P.D.C.P