ANSPDCP (Romania) - Natural Person

From GDPRhub
ANSPDCP - Natural Person
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(a) GDPR
Article 5(1)(f) GDPR
Article 6(1)(a) GDPR
Article 58(1)(a) GDPR
Article 58(1)(e) GDPR
Article 83(5)(e) GDPR
Type: Complaint
Outcome: Upheld
Published: 03.10.2022
Fine: 150 EUR
Parties: ANSPDCP - Natural Person
National Case Number/Name: Natural Person
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Daniela Duta

The Romanian DPA fined a natural person €150 for publishing personal data of 383 data subjects on their website without a legal basis under Article 6 GDPR and in violation of Article 5(1)(a) and (f) GDPR.

English Summary


The Romanian DPA started an investigation after receiving a complaint against a natural person (the controller), who operated the website

During its investigation, the DPA found that the controller had published the personal data of 383 data subject's on the website. This included their CNP (personal identification number), phone number, ID series and number, e-mail address, bank details (real estate purchases) and marital status.


The DPA held that the publication of the personal data constituted a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR. As such, the DPA imposed a fined on the controller of €100 (for violating the provisions of Article 5(1)(a), 5(1)(f), and Article 6(1)(a) GDPR) and €50 (for violating Article 58(1)(a), 58(1)(e) and Article 83(5)(e) GDPR).

Thus, the DPA fined the controller €150 in total.


The Romanian DPA rarely published full decisions. This summary is based on their press release.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.


Fine for GDPR violation

The National Supervisory Authority completed an investigation of a natural person, as an operator, during which it found a violation of some provisions of the General Data Protection Regulation.

As such, the respective operator was sanctioned as a contravention, as follows:

- with a fine of 493.91 lei (the equivalent of 100 EURO), for violating the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Regulation on Data Protection;

- with a fine of 246,955 lei (the equivalent of 50 EURO), for violating art. 58 para. (1) lit. a) and lit. e) and art. 83 para. (5) lit. e) from the General Regulation on Data Protection.

The investigation was started as a result of receiving a notification through which a possible violation of the processing security by the website was complained.

During the investigation, the National Supervisory Authority found that the individual in question was the owner of the website and that he had published on this website a series of personal data, such as be: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This situation led to an unauthorized disclosure, which constitutes a violation of the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Data Protection Regulation

Legal and Communication Department