ANSPDCP (Romania) - Vodafone România S.A. 3

From GDPRhub
ANSPDCP - ANSPDCP - Vodafone România S.A. 3
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 12 GDPR
Article 15 GDPR
Article 17 GDPR
Type: Investigation
Outcome: Violation Found
Decided: 04.11.2020
Published: 23.11.2020
Fine: 4000 EUR
Parties: Vodafone România S.A.
National Case Number/Name: ANSPDCP - Vodafone România S.A. 3
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: n/a

The Romanian DPA (ANSPDCP) fined Vodafone €4000 for not responding to access and erasure requests in breach of Articles 12, 15, and 17 GDPR.

English Summary


The ANSPDCP conducted an investigation into Vodafone România S.A. and found that the controller could not demonstrate compliance and prove that it had fulfilled access and deletion requests.


Did the controller facilitate and fulfill the rights of data subjects enshrined in Articles 12, 15, and 17 GDPR?


The ANSPDCP held that the controller failed to meet its obligations, as it could not prove that it had replied to or complied with the requests from data subject. The DPA therefore fined Vodafone €4000 for breaching Articles 12, 15, and 17 GDPR.

Furthermore, the DPA imposed the corrective measure of ordering the controller to adequately respond to the data subject who submitted the requests.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

The National Supervisory Authority completed on 04.11.2020 an investigation at the operator Vodafone Romania SA and found the violation of the provisions of art. 12, art. 15 and art. 17 of the General Data Protection Regulation.

The operator of Vodafone Romania SA was sanctioned with a fine in the amount of 19468.8 lei, the equivalent of the amount of 4000 EURO.

The sanction was applied following some complaints claiming that the operator did not respond to requests to exercise the rights of access and deletion provided by art. 15 and art. 17 of the General Data Protection Regulation.

During the investigation, Vodafone Romania SA could not prove the settlement of the requests for exercising the access and deletion rights within the term provided by art. 12 of the Regulation.

At the same time, the corrective measure was applied to the operator to communicate a response to the petitioner to his requests regarding the measures adopted on their basis.