ANSPDCP (Romania) - Realmedia Network SA

Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 32(1)(b) GDPR; Article 32(2) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 08.09.2022
Fine: 8,000 EUR
Parties: Realmedia Network SA
National Case Number/Name: Realmedia Network SA
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Daniela Duta

The Romanian DPA fined a controller operating a real estate platform €8,000 for a data breach which caused the unauthorized disclosure of 194,309 data subjects' personal data.

English Summary

Facts

Following information received from the Internet, the Romanian DPA launched an ex officio investigation into Realmedia Network SA (the controller) for a possible data breach. The controller operates a real estate platform called imobiliare.ro, where agencies and individuals can advertise their properties.

The DPA's investigation revealed the unauthorized disclosure of, and unauthorized access to, the following personal data that was not supposed to be accessible: name, surname, telephone number, email address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles and user profile image. 194,309 data subjects were impacted.

Holding

The DPA held that the controller violated Articles 32(1)(b) and 32(2) GDPR by not implementing adequate technical and organizational measures to ensure a level of security appropriate to the processing risk.

Consequently, the DPA fined the controller €8,000.

Comment

The Romanian DPA rarely publishes full decisions. This summary is based on their press release.


English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

09/08/2022

A new penalty for breaching GDPR



In August of this year, the National Supervisory Authority completed an investigation at the operator Realmedia Network SA (imobiliare.ro) during which it found a violation of the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation.

As such, the company Realmedia Network SA was fined 39,272 lei, the equivalent of 8,000 EURO.

Following some information from the online environment, our institution self-notified about a possible personal data security breach that occurred at Realmedia Network SA.

As part of the investigation, it was found that the breach of data processing security occurred at the level of a service used by the operator to operate the imobiliare.ro platform.

This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land register extracts/cadastral drafts, property titles, user profile images, which led to the impact of a number of 194,309 targeted individuals.

Thus, the operator Realmedia Network SA was fined for violating the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation, as it did not implement adequate technical and organizational measures to ensure a level of security corresponding to the processing risk.

Legal and Communication Department

A.N.S.P.D.C.P.