Home » Comunicat_Presa_19_12_2024
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

19.12.2024

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in November 2024, an investigation at the controller Pansiprod Distribuție SRL and found the breach of Article 15 paragraphs (3) and (4) and of Article 58 paragraph (2) letter c) of Regulation (EU) 2016/679, as it did not fully implement the corrective measures from the report of finding/sanctioning issued by our institution (on 19 February 2024).

As such, the controller was sanctioned with a fine of 4,976.4 (the equivalent of 1,000 euros).

In this context, we note that, initially, on 19 February 2024, the National Supervisory Authority completed an investigation following a complaint submitted by a data subject who complained to the controller that it did not respond to his request on exercising the right of access to personal data.

During the investigation, it was found that the controller Pansiprod Distribuție SRL did not present proves of communicating an adequate reply to the petitioner, within the legal deadline¸ thus breaching the provisions of Article 12 paragraphs (3) and (4) of Regulation (EU) 2016/679, by reference to Article 15 of the same regulation.

As such, the controller was sanctioned with a reprimand through the report of finding/sanctioning and two corrective measures were ordered:

  • to communicate a written response to the petitioner’s request, by reference to the provisions of Article 15 of Regulation (EU) 2016/679, based on the provisions of Article 58 paragraph (2) letter c) of Regulation (EU) 2016/679;
  • to ensure compliance of personal data processing operations with Regulation (EU) 2016/679, by implementing appropriate technical and organizational measures, including with regards to training of persons who process data under the authority of the controller, in relation to the procedure for deactivating/archiving/storing/deleting content related to an e-mail account used for professional purposes, which may contain personal data, including that of the owner of this account, pursuant to the provisions of Article 58 paragraph (2) letter d) of Regulation (EU) 2016/679.

Later, the petitioner returned with a new complaint in which he complained about the manner in which the controller responded to his request of access to the data, and in the framework of a new investigation at Pansiprod Distribuție SRL, it turned out that the controller did not fully implement the corrective measure for the report of 19 February 2024, ordered based on Article 58 paragraph (2) letter c) of Regulation (EU) 2016/679. Thus, through the reply sent, the controller did not communicate the copy of his personal data from the history of his e-mail account to the petitioner within the established deadline and in an adequate manner. This situation represents a violation of the provisions of Article 15 paragraphs (3) and (4) of Regulation (EU) 2016/679.

As such, a fine of 4,976.4 lei (the equivalent of 1,000 euros) was imposed.

Also, pursuant to Article 58 paragraph (2) letter c) of Regulation (EU) 2016/679, the corrective measure for the controller to send a complete response tot eh request of the data subject, by communicating a copy of his personal data from the archive of his e-mail account was ordered, by reference to Article 15 paragraphs (3) and (4) of Regulation (EU) 2016/679.

 

Legal and Communication Department

A.N.S.P.D.C.P