ANSDPCP (Romania) - BNP Paribas Personal Finance SA Paris Sucursala București

From GDPRhub
ANSPDCP (Romania) -
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 12(3) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided: 22.11.2019
Published:
Fine: 2,000 EUR
Parties: BNP Paribas Personal Finance SA Paris
Sucursala București
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ANSDPCP (in EN)
Initial Contributor: n/a

The ANSDPC in Romania fined BNP Paribas because it did not respond to the applicant’s access request within the one-month period required under Article 12(3) GDPR.

ANSDPCP English press release

The controller BNP Paribas Personal Finance SA was sanctioned with a fine in the amount of 9508 lei, the equivalent of 2000 Euros.

The investigation was initiated as a result of some complaints alleging that the controller did not respond to the applicant within the time limit provided by Article 12 paragraph (3) of the General Data Protection Regulation, although it had requested the deletion of certain personal data reported in the records system of Biroul de Credit.

Pursuant to Article 12 paragraph (3) of the General Data Protection Regulation, the controller has the obligation to respond to the requests of the data subjects without unjustified delays and at the latest within one month from the receipt of the request.

Also, a corrective measure was applied to the controller of BNP Paribas Personal Finance SA, which consisted in the adoption of measures, at the company level, regarding the settlement of the requests of the data subjects, so that, in all cases, the provisions of Article 12 of Regulation (EU) 2016/679 are observed.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!