ANSPDCP (Romania) - Realmedia Network SA
|ANSPDCP - Realmedia Network SA|
|Relevant Law:||Article 32(1)(b) GDPR|
Article 32(2) GDPR
|Parties:||Realmedia Network SA|
|National Case Number/Name:||Realmedia Network SA|
|European Case Law Identifier:||n/a|
|Original Source:||ANSPDCP (in RO)|
|Initial Contributor:||Daniela Duta|
The Romanian DPA fined a controller operating a real estate platform €8,000 for a data breach which caused the unauthorized disclosures of 194,309 data subjects' personal data.
English Summary[edit | edit source]
Facts[edit | edit source]
Following informations received from the Internet, the Romanian DPA launched an ex officio investigation into Realmedia Network SA (the controller) for a possible data breach. The controller operates a real estate platform called imobiliare.ro, where agencies and individuals can advertise their properties.
The DPA's investigation revealed the unauthorized disclosure and access to the following personal data that was not supposed to be accessible: name, surname, telephone number, email address, postal address, personal numerical code, signature, copies of identity cards, including identification codes, function/quality, bank data, information included in land deed extracts/cadastral drafts, property titles and user profile image. 194,309 data subjects were impacted.
Holding[edit | edit source]
The DPA held that the controller violated Articles 32(1)(b) and 32(2) GDPR for not implementing adequate technical and organizational measures to ensure a security level according to the processing risk.
Consequently, the DPA fined the €8,000.
Comment[edit | edit source]
The Romanian DPA rarely published full decisions. This summary is based on their press release.
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
09/08/2022 A new penalty for breaching GDPR In August of this year, the National Supervisory Authority completed an investigation at the operator Realmedia Network SA (imobiliare.ro) during which it found a violation of the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation. As such, the company Realmedia Network SA was fined 39,272 lei, the equivalent of 8,000 EURO. Following some information from the online environment, our institution self-notified about a possible personal data security breach that occurred at Realmedia Network SA. As part of the investigation, it was found that the breach of data processing security occurred at the level of a service used by the operator to operate the imobiliare.ro platform. This situation led to the unauthorized disclosure or unauthorized access to the following personal data: name, surname, telephone number, e-mail address, postal address, personal numerical code, signature, copies of identity cards, including identification codes , function/quality, bank data, information included in land register extracts/cadastral drafts, property titles, user profile images, which led to the impact of a number of 194,309 targeted individuals. Thus, the operator Realmedia Network SA was fined for violating the provisions of art. 32 para. (1) lit. b) and para. (2) of the General Data Protection Regulation, as it did not implement adequate technical and organizational measures to ensure a level of security corresponding to the processing risk. Legal and Communication Department A.N.S.P.D.C.P.