ANSDPCP - BNP Paribas Personal Finance SA Paris Sucursala București
|ANSPDCP (Romania) -|
|Relevant Law:||Article 12(3) GDPR|
|Parties:||BNP Paribas Personal Finance SA Paris|
|National Case Number/Name:|
|European Case Law Identifier:||n/a|
|Original Source:||ANSDPCP (in EN)|
The ANSDPC in Romania fined BNP Paribas because it did not respond to the applicant’s access request within the one-month period required under Article 12(3) GDPR.
ANSDPCP English press release[edit | edit source]
The controller BNP Paribas Personal Finance SA was sanctioned with a fine in the amount of 9508 lei, the equivalent of 2000 Euros.
The investigation was initiated as a result of some complaints alleging that the controller did not respond to the applicant within the time limit provided by Article 12 paragraph (3) of the General Data Protection Regulation, although it had requested the deletion of certain personal data reported in the records system of Biroul de Credit.
Pursuant to Article 12 paragraph (3) of the General Data Protection Regulation, the controller has the obligation to respond to the requests of the data subjects without unjustified delays and at the latest within one month from the receipt of the request.
Also, a corrective measure was applied to the controller of BNP Paribas Personal Finance SA, which consisted in the adoption of measures, at the company level, regarding the settlement of the requests of the data subjects, so that, in all cases, the provisions of Article 12 of Regulation (EU) 2016/679 are observed.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!