ANSDPCP - Fan Courrier Express SRL

From GDPRhub
Revision as of 08:40, 15 January 2020 by Juliette Leportois (talk | contribs) (→‎English Summary - press release)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ANSDPCP - Fan Courrier Express SRL
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(f) GDPR

Article 32(1) GDPR

Article 32(2) GDPR

Type: Investigation
Outcome: Violations found
Decided: 28.11.2019
Published: n/a
Fine: EUR 11,000
Parties: Fan Courrier Express SRL
National Case Number: n/a
European Case Law Identifier: n/a
Appeal: n/a


Source: ANSDPCP (in EN)

The ANSPDCP fined € 11.000 Fan Courrier Express SRL for violations of f Article 32 paragraphs (1) and (2) GDPR.

ANSPDCP English press release[edit | edit source]

The controller Fan Courrier Express SRL was sanctioned with a fine in the amount of 52,325.9 lei, the equivalent of 11000 Euros.

The sanction was applied to the controller because it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of processing generated accidentally or illegally, in particular, by the destruction, loss, modification, unauthorized disclosure or unauthorized access to the personal data transmitted, stored or otherwise processed, which led to the loss of personal data (name, surname, card number, card security code (cvc), card holder address, personal identification number, serial number and identity card number , IBAN account number, approved credit limit, correspondence address) and by the unauthorized disclosure/access of the personal data, being affected by the security incidents a number of about 1100 data subjects, although the controller had the obligation to take the adequate security measures of personal data according to the provisions of Article 5 paragraph (1) letter f) of the GDPR.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!