ANSPDCP - Fine against Enel Energie Muntenia

From GDPRhub
ANSPDCP - Fine against Enel Energie Muntenia
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 32 GDPR
Type: Complaint
Outcome: Upheld
Decided:
Published: 18.06.2020
Fine: 4000 EUR
Parties: Enel Energie Muntenia SA
National Case Number/Name: Fine against Enel Energie Muntenia
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: n/a

ANSPDCP fined energy provider Enel Energie Muntenia SA for violation of Article 32 GDPR. The DPA found that the provider sent documents with the complainant's personal data to another customer via e-mail and did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons.

English Summary[edit | edit source]

Facts[edit | edit source]

The complainant notified the DPA that Enel Energie Muntenia SA violated security and confidentiality of their personal data by sending documents containing their personal data to another Enel customer via e-mail.


Dispute[edit | edit source]

Holding[edit | edit source]

Following an investigation, the DPA found that the operator did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons as required by Article 32 GDPR.

Comment[edit | edit source]

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

The National Supervisory Authority completed on 21.05.2020 an investigation at the operator Enel Energie Muntenia SA and found the violation of the provisions of art. 32 of the General Regulation on Data Protection.

The operator Enel Energie Muntenia SA was sanctioned with a fine of 19368.4 lei, the equivalent of 4,000 EURO.

The investigation was initiated as a result of a complaint by which the petitioner notified the violation of security and confidentiality of personal data by Enel Eergie Muntenia SA, by sending documents containing his personal data to another Enel customer, using e-mail.

During the investigation, the National Supervisory Authority found that the operator did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons, violating the provisions of art. 32 of the RGPD.

At the same time, the corrective measure was applied to the operator to ensure the compliance with RGPD of the operations of collection and further processing of personal data, by implementing adequate and efficient security measures, both from a technical and organizational point of view.