ANSPDCP (Romania) - Natural Person
| ANSPDCP - Natural Person | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 5(1)(a) GDPR Article 5(1)(f) GDPR Article 6(1)(a) GDPR Article 58(1)(a) GDPR Article 58(1)(e) GDPR Article 83(5)(e) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | |
| Published: | 03.10.2022 |
| Fine: | 150 EUR |
| Parties: | ANSPDCP - Natural Person |
| National Case Number/Name: | Natural Person |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | Daniela Duta |
The Romanian DPA fined a natural person €150 for publishing personal data of 383 data subjects on their website without a legal basis under Article 6 GDPR and in violation of Article 5(1)(a) and (f) GDPR.
English Summary
Facts
The Romanian DPA started an investigation after receiving a complaint against a natural person (the controller), who operated the website https://centralpoint.ro/afisare-bd-general/.
During its investigation, the DPA found that the controller had published the personal data of 383 data subject's on the website. This included their CNP (personal identification number), phone number, ID series and number, e-mail address, bank details (real estate purchases) and marital status.
Holding
The DPA held that the publication of the personal data constituted a violation of the provisions of Article 5(1)(a) GDPR, Article 5(1)(f) GDPR, Article 6(1)(a) GDPR. As such, the DPA imposed a fined on the controller of €100 (for violating the provisions of Article 5(1)(a), 5(1)(f), and Article 6(1)(a) GDPR) and €50 (for violating Article 58(1)(a), 58(1)(e) and Article 83(5)(e) GDPR).
Thus, the DPA fined the controller €150 in total.
Comment
The Romanian DPA rarely published full decisions. This summary is based on their press release.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
03.10.2022 Fine for GDPR violation The National Supervisory Authority completed an investigation of a natural person, as an operator, during which it found a violation of some provisions of the General Data Protection Regulation. As such, the respective operator was sanctioned as a contravention, as follows: - with a fine of 493.91 lei (the equivalent of 100 EURO), for violating the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Regulation on Data Protection; - with a fine of 246,955 lei (the equivalent of 50 EURO), for violating art. 58 para. (1) lit. a) and lit. e) and art. 83 para. (5) lit. e) from the General Regulation on Data Protection. The investigation was started as a result of receiving a notification through which a possible violation of the processing security by the website https://centralpoint.ro/afisare-bd-general/ was complained. During the investigation, the National Supervisory Authority found that the individual in question was the owner of the website https://centralpoint.ro/afisare-bd-general/ and that he had published on this website a series of personal data, such as be: personal numerical code, telephone number, ID series and number, e-mail address, bank details (real estate purchases), marital status, which affected a number of 383 natural persons. This situation led to an unauthorized disclosure, which constitutes a violation of the provisions of art. 5 para. (1) lit. a) and f) and art. 6 para. (1) lit. a) from the General Data Protection Regulation Legal and Communication Department A.N.S.P.D.C.P.
