20.12.2024
Sanction for the breach of the GDPR
The National Supervisory Authority for Personal Data Processing completed, in November 2024, an investigation at the controller English Home SRL and found a breach of Article 12 paragraphs (3) and (4) of Regulation (EU) 2016/679, by reference to Article 21 of the same regulation, and of Article 25 of Regulation (EU) 2016/679.
As such, the controller was sanctioned:
- with a fine of 4,976,5 lei (the equivalent of 1,000 euros) for the breach of Article 12 paragraphs (3) and (4), by reference to Article 21 of Regulation (EU) 2016/679;
- with a fine of 19,906 lei (the equivalent of 4,000 euros) for the breach of Article 25 of Regulation (EU) 2016/679.
The investigation started as a result of a complaint sent by a data subject who reported that he was receiving, on his phone number, unsolicited commercial messages from the controller. Although the natural person requested to be unsubscribed, in writing, by e-mail, pursuant to Article 21 of Regulation (EU) 2016/679, including by accessing a link made available to the data subjects, the controller continued to send him new commercial messages.
During the investigation, it was found that the controller did not comply with the petitioner’s request to exercise the right to object to the processing of the e-mail address and telephone number for direct marketing purposes. At the same time, it turned out that the controller did not respond to the petitioner’s request within the legal terms.
As such, a violation of Article 12 paragraphs (3) and (4) of Regulation (EU) 2016/679 was found, by reference to the provisions of Article 21 of the same European legal act.
Also, during the investigation, it turned out that the controller English Home SRL did not implement adequate technical and organisational measures to ensure compliance with the rights of data subjects, in particular the right to object regulated by Article 21 paragraphs (2), (3) and (5) of Regulation (EU) 2016/679, thus violating the provisions of Article 25 of Regulation (EU) 2016/679.
At the same time, the following corrective measures were ordered against the controller:
- to effectively comply with the request to object to the processing of the petitioner’s data for direct marketing purposes and to send him a written response to his request;
- to ensure the compliance of the personal data processing operations with Regulation (EU) 2016/679, by adopting the necessary technical and organisational measures, including the appropriate training of the personnel designated for this purpose, so that the controller is able to assess, to correctly handle and to respond to all requests through which the data subjects exercise their rights, within the deadlines and according to the conditions provided by Articles 12-23 of the GDPR;
- to ensure the proper and permanent operation of the “unsubscribe” procedures from receiving promotional messages by phone/SMS or e-mail, respectively, the withdrawal of consent to data processing for direct marketing purposes;
- to take measures to facilitate the receipt of requests for the exercise of rights and appropriate information regarding these modalities, including on its own website.
Legal and Communication Department
A.N.S.P.D.C.P