Home » Comunicat_Presa_06_03_2025
 Română | English | Francais

06.03.2025

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in January 2025, an investigation at the controller SHOPBAG GROUP ONLINE SRL and found the breach of Article 83 paragraph (5) letter e) (2) of Regulation (EU) 2016/679.

As such, the controller was sanctioned with fine of 9,949.8 lei (the equivalent of 2,000 euros).

The investigation was initiated following a complaint from an individual who claimed that he had not received a response to his requests to delete his account and the data associated with it from the website depozit-online.ro, owned by the controller.

During the investigation, it was found that the petitioner wanted to delete his account created on the controller’s website depozit-online.ro, but the controller did not respond to his request.

Also, the controller did not respond to the requests addressed by the National Supervisory Authority for the Processing of Personal Data in the exercise of its investigative powers.

Thus, given that the controller did not provide the information that the National Supervisory Authority requested in order to fulfill its tasks, the controller was sanctioned with a minor offence fine, for violating the provisions of Article 83 paragraph (5) letter e) of Regulation (EU) 679/2016.

Article 83 General conditions for imposing administrative fines

(…) (5)   Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:

  1. the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;
  2. the data subjects' rights pursuant to Articles 12 to 22;
  3. the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 44 to 49;
  4. any obligations pursuant to Member State law adopted under Chapter IX;
  5. non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority pursuant to Article 58(2) or failure to provide access in violation of Article 58(1).

At the same time, the controller was ordered the corrective measure of communicating to A.N.S.P.D.C.P all the information and documents requested through the letters that were communicated to it.

 

Legal and Communication Department

A.N.S.P.D.C.P