ANSPDCP (Romania) - Fine against SC Interactions Marketing SRL: Difference between revisions

ANSPDCP - Fine against SC Interactions Marketing SRL
Authority:	ANSPDCP (Romania)
Jurisdiction:	Romania
Relevant Law:	Article 32(1)(b) GDPR
Type:	Investigation
Outcome:	Violation Found
Started:
Decided:
Published:	20.06.2022
Fine:	1000 EUR
Parties:	SC Interactions Marketing SRL
National Case Number/Name:	Fine against SC Interactions Marketing SRL
European Case Law Identifier:	n/a
Appeal:	Unknown
Original Language(s):	Romanian
Original Source:	ANSPDCP (in RO)
Initial Contributor:	Diana Rosu

The Romanian DPA fined a processor responsible for the implementation of a marketing campaign the equivalent of €1,000 for breaching Article 32(1)b. The processor sent a marketing email to 27 data subjects without hiding the other recipients of the email.

English Summary

Facts

SC Interactions Marketing SRL is processor providing CRM, marketing and digital services. While promoting a marketing campaign on bahalf of a controller, SC Interactions Marketing SRL sent a marketing email to 27 data subjects without hiding the ther recipients of the email. This way, each recipient of the marketing email had unauthorised access to the email addresses of the other recipients.

Holding

Following a complaint filled by one of the affected data subjects, the Romanian DPA started an investigation against the controller on whose behalf the marketing email has been sent. However, during the investigation, it was found that the processor implementing the marketing campaign did not take the necessary technical and organisational measures to ensure the confidentiality of the personal data processed, and therefore the processor was fined the equivalent of €1,000 (RON 4,942.3).

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

20.06.2022

RGPD fine



The National Supervisory Authority completed in May 2022 an investigation at SC Interactions Marketing SRL and found a violation of the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection.

SC Interactions Marketing SRL, as the proxy of an operator, was sanctioned with a fine in the amount of 4,942.3 lei (equivalent to the amount of 1000 EURO).

The investigation was initiated as a result of complaints from a data subject who complained that an operator had sent a commercial e-mail message to several persons, thus revealing their e-mail addresses.

The investigation revealed that SC Interactions Marketing SRL, as a proxy, carried out a campaign for the requested operator, in which it sent a commercial message to the e-mail addresses belonging to a number of 27 people, without hiding them, allowing unauthorized disclosure of email addresses to other recipients.

As such, SC Interactions Marketing SRL was sanctioned for violating the provisions of art. 32 para. (1) lit. b) of the General Regulation on Data Protection, although, as an authorized person, he had the obligation to adopt appropriate technical and organizational measures in order to ensure the confidentiality of the personal data processed.



Legal and Communication Department

A.N.S.P.D.C.P.