ANSPDCP - Fine against Enel Energie Muntenia
|ANSPDCP - Fine against Enel Energie Muntenia|
|Relevant Law:||Article 32 GDPR|
|Parties:||Enel Energie Muntenia SA|
|National Case Number/Name:||Fine against Enel Energie Muntenia|
|European Case Law Identifier:||n/a|
|Original Source:||ANSPDCP (in RO)|
ANSPDCP fined energy provider Enel Energie Muntenia SA for violation of Article 32 GDPR. The DPA found that the provider sent documents with the complainant's personal data to another customer via e-mail and did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons.
The complainant notified the DPA that Enel Energie Muntenia SA violated security and confidentiality of their personal data by sending documents containing their personal data to another Enel customer via e-mail.
Following an investigation, the DPA found that the operator did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons as required by Article 32 GDPR.
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority completed on 21.05.2020 an investigation at the operator Enel Energie Muntenia SA and found the violation of the provisions of art. 32 of the General Regulation on Data Protection. The operator Enel Energie Muntenia SA was sanctioned with a fine of 19368.4 lei, the equivalent of 4,000 EURO. The investigation was initiated as a result of a complaint by which the petitioner notified the violation of security and confidentiality of personal data by Enel Eergie Muntenia SA, by sending documents containing his personal data to another Enel customer, using e-mail. During the investigation, the National Supervisory Authority found that the operator did not take sufficient security and confidentiality measures to prevent accidental disclosure of personal data to unauthorized persons, violating the provisions of art. 32 of the RGPD. At the same time, the corrective measure was applied to the operator to ensure the compliance with RGPD of the operations of collection and further processing of personal data, by implementing adequate and efficient security measures, both from a technical and organizational point of view.