ANSPDCP (Romania) - Natural Person

From GDPRhub
Revision as of 08:09, 5 October 2022 by Jg (talk | contribs)
ANSPDCP - ANSPDCP - Natural Person
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 5(1)(a) GDPR
Article 5(1)(f) GDPR
Article 6(1)(a) GDPR
Article 58(1)(a) GDPR
Article 58(1)(e) GDPR
Article 83(5)(e) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided:
Published: 03.10.2022
Fine: 150 EUR
Parties: ANSPDCP - Natural Person
National Case Number/Name: ANSPDCP - Natural Person
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Daniela Duta

The Romanian DPA fined a natural person €150 for publishing the personal data of 383 data subjects on the website he owned, without a legal basis.

English Summary

Facts

The Romanian DPA started an investigation after receiving a complaint against a natural person, owner of a website.

The controller operates the website https://centralpoint.ro/afisare-bd-general/ and he had published on this website a series of personal data, such as: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons.

This unauthorized disclosure constitutes a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR.

Holding

The Romanian DPA (ANSPDCP) completed an investigation of a natural person, as a controller, during which it found a violation of some provisions of the General Data Protection Regulation.

As such, the respective controller was sanctioned as a contravention, as follows:

- with a fine of €100 for violating the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR;

- with a fine of €50 for violating Article 58(1)(a) GDPR, Article 58(1)(e) GDPR, Article 83(5)(e) GDPR.

Consequently, the DPA fined the €150.

Comment

The Romanian DPA rarely published full decisions. This summary is based on their press release.

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

03.10.2022

Fine for GDPR violation



The National Supervisory Authority completed an investigation of a natural person, as an operator, during which it found a violation of some provisions of the General Data Protection Regulation.

As such, the respective operator was sanctioned as a contravention, as follows:

- with a fine of 493.91 lei (the equivalent of 100 EURO), for violating the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Regulation on Data Protection;

- with a fine of 246,955 lei (the equivalent of 50 EURO), for violating art. 58 para. (1) lit. a) and lit. e) and art. 83 para. (5) lit. e) from the General Regulation on Data Protection.

The investigation was started as a result of receiving a notification through which a possible violation of the processing security by the website https://centralpoint.ro/afisare-bd-general/ was complained.

During the investigation, the National Supervisory Authority found that the individual in question was the owner of the website https://centralpoint.ro/afisare-bd-general/ and that he had published on this website a series of personal data, such as be: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This situation led to an unauthorized disclosure, which constitutes a violation of the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Data Protection Regulation

Legal and Communication Department

A.N.S.P.D.C.P.