ANSPDCP - Fine against Estee Lauder Romania
|ANSPDCP - Fine against Estee Lauder Romania|
|Relevant Law:||Article 6 GDPR|
Article 7 GDPR
Article 9 GDPR
|Parties:||Estee Lauder Romania SRL|
|National Case Number/Name:||Fine against Estee Lauder Romania|
|European Case Law Identifier:||n/a|
|Original Source:||ANSPDCP (in RO)|
The Romanian DPA (ANSPDCP) fined Estee Lauder Romania € 3.000 for unlawful collection and disclosure of personal data without any valid legal basis.
English Summary[edit | edit source]
Facts[edit | edit source]
The complainant claimed that Estee Lauder Romania SRL conducted illegal processing by disclosing and collecting personal data (name, surname, telephone number, date of birth and health information) without consent or other legal basis.
Dispute[edit | edit source]
Holding[edit | edit source]
Following an investigation the ANSPDCP found that Estee Lauder Romania SRL violated Article 6, 7 and 9 GDPR and imposed a fine of EUR 3.000.
Comment[edit | edit source]
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
Fine for violation of RGPD The National Supervisory Authority completed on 10.04.2020 an investigation at the operator Estee Lauder Romania SRL and found that it violated the provisions of art. 6, art. 7 and art. 9 of the General Data Protection Regulation. The operator Estee Lauder Romania SRL was sanctioned with a fine in the amount of 14483.4 lei, the equivalent of 3,000 EURO. The sanction was applied to the controller following a complaint alleging illegal data processing by disclosing and collecting personal data (name, surname, telephone number, date of birth and health information), respectively, without consent, or another legal basis. At the same time, the corrective measure was applied to the operator to ensure compliance with the General Data Protection Regulation of the operations of collection and further processing of personal data, by regularly instructing its own staff on the importance of compliance with the rules of personal data processing of its employees. , in each situation of personal data processing, in order to avoid their illegal disclosure, reported to art. 58 para. (2) lit. d) of the RGPD).