ANSPDCP (Romania) - Fine against SC Interactions Marketing SRL
| ANSPDCP - Fine against SC Interactions Marketing SRL | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 32(1)(b) GDPR |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | |
| Published: | 20.06.2022 |
| Fine: | 1000 EUR |
| Parties: | SC Interactions Marketing SRL |
| National Case Number/Name: | Fine against SC Interactions Marketing SRL |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | Diana Rosu |
The Romanian DPA fined a processor responsible for the implementation of a marketing campaign €1000 for sending a marketing email to 27 data subjects without hiding the other recipients' email addresses, violating Article 32(1)(b) GDPR.
English Summary
Facts
SC Interactions Marketing SRL is a company providing Customer-Relationship-Management (CRM), marketing and digital services (processor). While promoting a marketing campaign on behalf of another company (controller), SC Interactions Marketing SRL sent a marketing email to 27 data subjects without hiding the email addresses of the recipients. This way, each recipient of the marketing email had unauthorised access to the email addresses of the other recipients. Following a complaint filled by one of the affected data subjects, the Romanian DPA started an investigation into the matter. During the investigation, the DPA found that the processor did not take the necessary technical and organisational measures to ensure the confidentiality of the personal data processed.
Holding
Since the Romanian DPA found in its investigation that the processor did not take the necessary technical and organisational measures to ensure the confidentiality of the personal data processed, it held that the processor violated Article 32(1)(b) GDPR and fined it €1000 (RON 4,942.3).
Comment
The Romanian DPA publishes only press releases, therefore no more information was available on the decision.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
20.06.2022 RGPD fine The National Supervisory Authority completed in May 2022 an investigation at SC Interactions Marketing SRL and found a violation of the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection. SC Interactions Marketing SRL, as the proxy of an operator, was sanctioned with a fine in the amount of 4,942.3 lei (equivalent to the amount of 1000 EURO). The investigation was initiated as a result of complaints from a data subject who complained that an operator had sent a commercial e-mail message to several persons, thus revealing their e-mail addresses. The investigation revealed that SC Interactions Marketing SRL, as a proxy, carried out a campaign for the requested operator, in which it sent a commercial message to the e-mail addresses belonging to a number of 27 people, without hiding them, allowing unauthorized disclosure of email addresses to other recipients. As such, SC Interactions Marketing SRL was sanctioned for violating the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection, although, as an authorized person, he had the obligation to adopt appropriate technical and organizational measures in order to ensure the confidentiality of the personal data processed. Legal and Communication Department A.N.S.P.D.C.P.
