ANSDPCP (Romania) - Fan Courrier Express SRL

From GDPRhub
ANSPDCP (Romania) -
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(f) GDPR
Article 32(1) GDPR
Article 32(2) GDPR
Type: Investigation
Outcome: Violation Found
Decided: 28.11.2019
Fine: 11,000 EUR
Parties: Fan Courrier Express SRL
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ANSDPCP (in EN)
Initial Contributor: n/a

The ANSPDCP fined € 11.000 Fan Courrier Express SRL for violations of f Article 32 paragraphs (1) and (2) GDPR.

ANSPDCP English press release

The controller Fan Courrier Express SRL was sanctioned with a fine in the amount of 52,325.9 lei, the equivalent of 11000 Euros.

The sanction was applied to the controller because it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of processing generated accidentally or illegally, in particular, by the destruction, loss, modification, unauthorized disclosure or unauthorized access to the personal data transmitted, stored or otherwise processed, which led to the loss of personal data (name, surname, card number, card security code (cvc), card holder address, personal identification number, serial number and identity card number , IBAN account number, approved credit limit, correspondence address) and by the unauthorized disclosure/access of the personal data, being affected by the security incidents a number of about 1100 data subjects, although the controller had the obligation to take the adequate security measures of personal data according to the provisions of Article 5 paragraph (1) letter f) of the GDPR.


Share your comments here!

Further Resources

Share blogs or news articles here!