ANSPDCP (Romania) - S.C. Viva Credit IFN S.A.
| ANSPDCP - S.C. Viva Credit IFN S.A. | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 12(3) GDPR Article 12(4) GDPR Article 17 GDPR |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | |
| Published: | 30.07.2020 |
| Fine: | 9680 RON |
| Parties: | S.C. Viva Credit IFN S.A. |
| National Case Number/Name: | S.C. Viva Credit IFN S.A. |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | Isabel Hahn |
Viva Credit failed to inform a data subject within the time frame necessary about the outcome of a request to have data erased under GDPR Article 17.
English Summary
Facts
The National Supervisory Authority conducted an investigation into Viva Credit following a complaint by a data subject claiming that Viva Credit had not complied with their request to have their data erased under GDPR Article 17. It was also alleged that Viva Credit did not provide the data subject with information on the actions they had taken as per their obligation under GDPR Art.12(3) and 12(4). Viva Credit had an obligation to respond to the request of the data subject without unjustified delay, and to notify them if they chose to not take action. However, Viva Credit did neither.
Dispute
Whether there was a violation of GDPR Art. 17 and Art. 12(3) & (4).
Holding
The National Supervisory Authority found that there had been a violation of the GDPR and imposed a fine of 9680 lei, the equivalent of 2000 Euro, on Viva Credit, along with corrective measures requiring that they send a response to the data subject within 5 days.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority has completed an investigation at the operator S.C. Viva Credit IFN S.A., finding the violation of art. 12 para. (3) and (4) of the General Regulation on Data Protection, by reference to art. 17 of the same Regulation.
Operator S.C. Viva Credit IFN S.A. was sanctioned with a fine of 9680 lei, the equivalent of 2000 EURO.
The investigation took place as a result of a complaint claiming that the operator did not solve the petitioner's request by which he exercises his right to delete data, according to art. 17 of the General Data Protection Regulation.
The operator also did not provide the applicant with information on the actions taken following his request within a maximum of one month (or a maximum of 3 months, stating the reasons for the delay) at his home address or contact address (e-mail). ) available in its records.
Thus, the operator S.C. Viva Credit IFN S.A. violated the provisions of art. 12 para. (3) and (4), reported to art. 17 of the General Data Protection Regulation.
The operator has the obligation, according to art. 12 para. (3), to respond to the requests of the persons concerned without unjustified delays and at the latest within one month from the receipt of the request, and according to par. (4) of the same Article "if he does not take action on the request of the data subject, the controller shall inform the data subject without delay and within one month of receipt of the request, of the reasons for not taking action and of the possibility to lodge a complaint with a supervisory authority and to bring a judicial appeal. "
At the same time, the operator S.C. Viva Credit IFN S.A. a corrective measure was also applied to him, based on the provisions of art. 58 para. (2) lit. d) of the General Regulation on Data Protection, which is obliged to send a response to the petitioner to the request submitted, within 5 working days from the communication of the minutes.
