ANSPDCP - Vodafone România S.A. 3
|ANSPDCP - ANSPDCP - Vodafone România S.A. 3|
|Relevant Law:||Article 12 GDPR|
Article 15 GDPR
Article 17 GDPR
|Parties:||Vodafone România S.A.|
|National Case Number/Name:||ANSPDCP - Vodafone România S.A. 3|
|European Case Law Identifier:||n/a|
|Original Source:||ANSPDCP (in RO)|
The Romanian DPA (ANSPDCP) fined Vodafone €4000 for not responding to access and erasure requests in breach of Articles 12, 15, and 17 GDPR.
English Summary[edit | edit source]
Facts[edit | edit source]
The ANSPDCP conducted an investigation into Vodafone România S.A. and found that the controller could not demonstrate compliance and prove that it had fulfilled access and deletion requests.
Dispute[edit | edit source]
Did the controller facilitate and fulfill the rights of data subjects enshrined in Articles 12, 15, and 17 GDPR?
Holding[edit | edit source]
The ANSPDCP held that the controller failed to meet its obligations, as it could not prove that it had replied to or complied with the requests from data subject. The DPA therefore fined Vodafone €4000 for breaching Articles 12, 15, and 17 GDPR.
Furthermore, the DPA imposed the corrective measure of ordering the controller to adequately respond to the data subject who submitted the requests.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
The National Supervisory Authority completed on 04.11.2020 an investigation at the operator Vodafone Romania SA and found the violation of the provisions of art. 12, art. 15 and art. 17 of the General Data Protection Regulation. The operator of Vodafone Romania SA was sanctioned with a fine in the amount of 19468.8 lei, the equivalent of the amount of 4000 EURO. The sanction was applied following some complaints claiming that the operator did not respond to requests to exercise the rights of access and deletion provided by art. 15 and art. 17 of the General Data Protection Regulation. During the investigation, Vodafone Romania SA could not prove the settlement of the requests for exercising the access and deletion rights within the term provided by art. 12 of the Regulation. At the same time, the corrective measure was applied to the operator to communicate a response to the petitioner to his requests regarding the measures adopted on their basis. A.N.S.P.D.C.P.