ANSPDCP (Romania) - fine to Enel Energie Muntenia SA

From GDPRhub
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ANSPDCP - fine to Enel Energie Muntenia SA
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 32 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided: 25.02.2020
Published: 26.03.2020
Fine: 3.000 EUR
Parties: Enel Energie Muntenia SA
National Case Number/Name: fine to Enel Energie Muntenia SA
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: n/a

The Romanian DPA (ANSPDCP) fined an energy company EUR 3,000 for violation of the security and confidentiality of personal data.

English Summary

Facts

The energy company Enel Energie Muntenia SA was investigated after a notification sent by a customer to the DPA.

Holding

The ANSPDCP found that Enel Energie Muntenia SA transmitted a client's personal data to the e-mail address of another client. The DPA decided that the controller did not have adequate technical and organizational measures in place to ensure a level of security that corresponds to the risk of the processing.

Thus, the controller violated the security of processing as required by Article 32 GDPR and the DPA imposed the fine of 14,423.7 lei (approx. EUR. 3,000) and ordered the controller to take the necessary measures within 30 days.

Comment

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

On 25.02.2020, the National Supervisory Authority finalized an investigation with the operator Enel Energie Muntenia SA and found that it violated the provisions of art. 32 of the General Regulation on Data Protection, regarding the processing security.

The operator Enel Energie Muntenia SA was sanctioned contraventional with a fine in the amount of 14,423.7 lei, the equivalent of 3000 EURO.

Violation of the security and confidentiality of personal data was that the operator Enel Energie Muntenia SA transmitted to the e-mail address of a client a natural person, personal data (name and surname, address, e-mail address, client code, eneltel code) of another client.

The operator Enel Energie Muntenia SA was sanctioned because it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing generated especially, accidentally or illegally, by the unauthorized disclosure or the unauthorized access to personal data.

The National Supervisory Authority carried out the investigation as a result of a notification sent by a customer of the operator, which is accompanied by conclusive evidence regarding the ones notified.

At the same time, the corrective measure was applied to the operator Enel Energie Muntenia SA, according to the provisions of art. 58 paragraph (2) lit. i) of the General Regulation on Data Protection.

Thus, the operator was obliged to ensure compliance with the General Data Protection Regulation by implementing appropriate and efficient security measures, both technically and organizationally, within 30 working days of the communication. minutes.