Home » Comunicat_Presa_05.08.2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

05.08.2025

Sanction for violating the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in July 2025, an investigation at the controller Order of Biochemists, Biologists and Chemists in the Romanian Healthcare System (Ordinul Biochimiștilor, Biologilor și Chimiștilor în Sistemul Sanitar din România) and found the infringement of Article 12 paragraphs (3) and (4), Article 15 and Article 58 paragraph (1) letters a) and e) of Regulation (EU) 2016/679.

As such, the controller was sanctioned with:

  • fine of 5,079.5 lei, the equivalent of 1,000 euros for the infringement of Article 12 paragraphs (3) and (4) of Regulation (EU) 2016/679
  • reprimand for the infringement of Article 58 paragraph (1) letters a) and e) of Regulation (EU) 2016/679.

The investigation was initiated following a complaint from an individual who claimed that the controller, the Order of Biochemists, Biologists and Chemists in the Romanian Healthcare System, had not responded to the requests by which he had exercised, in accordance with Article 15 of Regulation (EU) 2016/679, the right of access to personal data.

During the investigation it was found that the controller had not sent the petitioner a proper and complete written response to the requests made.

Thus, the provisions of Article 12 paragraphs (3) and (4) and Article 15 of Regulation (EU) 2016/679 were violated, the controller being sanctioned with a fine.

At the same time, the controller did not respond to the request of the supervisory authority to communicate a response to the petitioner in accordance with the provisions of Article 15 of the Regulation, the controller also violating the provisions of Article 58 paragraph (1) letters a) and e) of Regulation (EU) 2016/679, for this act being sanctioned with a reprimand.

Also, pursuant to the provisions of Article 58 paragraph (2) letters c) and d) of Regulation (EU) 2016/679, the following corrective measures were also ordered against the controller:

  • to adopt internal procedures regarding the manner of handling requests submitted by data subjects pursuant to Regulation (EU) 2016/679 (Articles 12-22), compliance in all cases with the applicable provisions regarding the analysis and resolution of these requests without delay and the communication of responses to data subjects within the legal deadlines, as well as regular training of the controller’s staff in this regard;
  • to send a response to the applicant to requests for the exercise of the right of access in accordance with Article 15 of the Regulation.

 

Legal and Communication Department

A.N.S.P.D.C.P