ANSPDCP (Romania) - Fine against SC Interactions Marketing SRL

From GDPRhub
ANSPDCP - Fine against SC Interactions Marketing SRL
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 32(1)(b) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 20.06.2022
Fine: 1000 EUR
Parties: SC Interactions Marketing SRL
National Case Number/Name: Fine against SC Interactions Marketing SRL
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Diana Rosu

The Romanian DPA fined a processor responsible for the implementation of a marketing campaign €1000 for sending a marketing email to 27 data subjects without hiding the other recipients' email addresses, violating Article 32(1)(b) GDPR.

English Summary[edit | edit source]

Facts[edit | edit source]

SC Interactions Marketing SRL is a company providing Customer-Relationship-Management (CRM), marketing and digital services (processor). While promoting a marketing campaign on behalf of another company (controller), SC Interactions Marketing SRL sent a marketing email to 27 data subjects without hiding the email addresses of the recipients. This way, each recipient of the marketing email had unauthorised access to the email addresses of the other recipients. Following a complaint filled by one of the affected data subjects, the Romanian DPA started an investigation into the matter. During the investigation, the DPA found that the processor did not take the necessary technical and organisational measures to ensure the confidentiality of the personal data processed.

Holding[edit | edit source]

Since the Romanian DPA found in its investigation that the processor did not take the necessary technical and organisational measures to ensure the confidentiality of the personal data processed, it held that the processor violated Article 32(1)(b) GDPR and fined it €1000 (RON 4,942.3).

Comment[edit | edit source]

The Romanian DPA publishes only press releases, therefore no more information was available on the decision.

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

20.06.2022

RGPD fine



The National Supervisory Authority completed in May 2022 an investigation at SC Interactions Marketing SRL and found a violation of the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection.

SC Interactions Marketing SRL, as the proxy of an operator, was sanctioned with a fine in the amount of 4,942.3 lei (equivalent to the amount of 1000 EURO).

The investigation was initiated as a result of complaints from a data subject who complained that an operator had sent a commercial e-mail message to several persons, thus revealing their e-mail addresses.

The investigation revealed that SC Interactions Marketing SRL, as a proxy, carried out a campaign for the requested operator, in which it sent a commercial message to the e-mail addresses belonging to a number of 27 people, without hiding them, allowing unauthorized disclosure of email addresses to other recipients.

As such, SC Interactions Marketing SRL was sanctioned for violating the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection, although, as an authorized person, he had the obligation to adopt appropriate technical and organizational measures in order to ensure the confidentiality of the personal data processed.



Legal and Communication Department

A.N.S.P.D.C.P.