ANSPDCP (Romania) - fine to Enel Energie Muntenia SA
|ANSPDCP - fine to Enel Energie Muntenia SA
|Article 32 GDPR
|Enel Energie Muntenia SA
|National Case Number/Name:
|fine to Enel Energie Muntenia SA
|European Case Law Identifier:
|ANSPDCP (in RO)
The Romanian DPA (ANSPDCP) fined an energy company EUR 3,000 for violation of the security and confidentiality of personal data.
English Summary[edit | edit source]
Facts[edit | edit source]
The energy company Enel Energie Muntenia SA was investigated after a notification sent by a customer to the DPA.
Holding[edit | edit source]
The ANSPDCP found that Enel Energie Muntenia SA transmitted a client's personal data to the e-mail address of another client. The DPA decided that the controller did not have adequate technical and organizational measures in place to ensure a level of security that corresponds to the risk of the processing.
Thus, the controller violated the security of processing as required by Article 32 GDPR and the DPA imposed the fine of 14,423.7 lei (approx. EUR. 3,000) and ordered the controller to take the necessary measures within 30 days.
Comment[edit | edit source]
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
On 25.02.2020, the National Supervisory Authority finalized an investigation with the operator Enel Energie Muntenia SA and found that it violated the provisions of art. 32 of the General Regulation on Data Protection, regarding the processing security. The operator Enel Energie Muntenia SA was sanctioned contraventional with a fine in the amount of 14,423.7 lei, the equivalent of 3000 EURO. Violation of the security and confidentiality of personal data was that the operator Enel Energie Muntenia SA transmitted to the e-mail address of a client a natural person, personal data (name and surname, address, e-mail address, client code, eneltel code) of another client. The operator Enel Energie Muntenia SA was sanctioned because it did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the risk of the processing generated especially, accidentally or illegally, by the unauthorized disclosure or the unauthorized access to personal data. The National Supervisory Authority carried out the investigation as a result of a notification sent by a customer of the operator, which is accompanied by conclusive evidence regarding the ones notified. At the same time, the corrective measure was applied to the operator Enel Energie Muntenia SA, according to the provisions of art. 58 paragraph (2) lit. i) of the General Regulation on Data Protection. Thus, the operator was obliged to ensure compliance with the General Data Protection Regulation by implementing appropriate and efficient security measures, both technically and organizationally, within 30 working days of the communication. minutes.