ANSDPCP (Romania) - Fan Courrier Express SRL
| ANSPDCP (Romania) - | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 5(1)(f) GDPR Article 32(1) GDPR Article 32(2) GDPR |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | 28.11.2019 |
| Published: | |
| Fine: | 11,000 EUR |
| Parties: | Fan Courrier Express SRL |
| National Case Number/Name: | |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | English |
| Original Source: | ANSDPCP (in EN) |
| Initial Contributor: | n/a |
The ANSPDCP fined € 11.000 Fan Courrier Express SRL for violations of f Article 32 paragraphs (1) and (2) GDPR.
ANSPDCP English press release
The controller Fan Courrier Express SRL was sanctioned with a fine in the amount of 52,325.9 lei, the equivalent of 11000 Euros.
The sanction was applied to the controller because it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of processing generated accidentally or illegally, in particular, by the destruction, loss, modification, unauthorized disclosure or unauthorized access to the personal data transmitted, stored or otherwise processed, which led to the loss of personal data (name, surname, card number, card security code (cvc), card holder address, personal identification number, serial number and identity card number , IBAN account number, approved credit limit, correspondence address) and by the unauthorized disclosure/access of the personal data, being affected by the security incidents a number of about 1100 data subjects, although the controller had the obligation to take the adequate security measures of personal data according to the provisions of Article 5 paragraph (1) letter f) of the GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
