Home » Comunicat_presa_30_05_2024
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

30.05.2024

Sanction for GDPR infringement

 

In April 2024, the National Supervisory Authority for Personal Data Processing has concluded an investigation into Corint Logistic SRL data controller finding a breach of the provisions of Article 5 (1) (a) and (B), Article 6 (1), Article 12, Article 15 (1), Article 17 and Article 21 (3) of Regulation (EU) 2016/679.

Thus, the controller was sanctioned as follows:

1. With a fine in the amount of Lei 4,976.3 (the equivalent of EUR 1 000), for the breach of Article 17 and Article 21 (3) of Regulation (EU) 2016/679;

2. With a fine in the amount of Lei 4,976.3 (the equivalent of EUR 1 000), for the breach of Article 5 (1) (a) and (b) of Regulation (EU) 2016/679;

3. With reprimand for the violation of Article 15 (3) in conjunction with Article 12 of Regulation (EU) 2016/679.

The investigation was started following a complaint submitted by a data subject, indicating a potential infringement of the provisions of Regulation (EU) 2016/679. As such, a client of the controller complained that they have received commercial messages in the form of SMS on his phone, from Corint Logistic SRL, although they have exercised their right to erasure and they had received confirmation that their data was erased.

During the investigation it was held that the controller had not considered the requests for erasure/opposition sent by its client, therefore the applicant has continued to receive other SMS commercial messages from Corint Logistics SRL, thus breaching provisions of Article 17 and Article 21 (3) of Regulation (EU) 679/2016.

At the same time, during the investigation it was held that the controller has not submitted proof on the existence of the given consent of the data subject for sending commercial messages by phone, thus breaching the provisions of Article 5 (1) (a) and (b) and Article 6 (1) of Regulation (EU) 679/2016.

Nevertheless, it resulted, following the investigation, that the controller had not sent a reply to the customer on other requests for exercising their rights of access and erasure, sent by email, although it had this obligation, therefore breaching Article 15(1) of Regulation (EU) 679/2016 in conjunction with Article 12 of the same Regulation.

At the same time, the following corrective measures were also ordered against the controller:

  • To take adequate measures to comply with Regulation (EU) 679/2016, so that in the future the personal data of data subjects are processed for direct marketing purposes related to the use of electronic communication services (e-mail, telephone), with their express prior consent, including the adoption of procedures to this effect;
  • To adopt adequate and efficient internal procedures to protect personal data on how to deal with requests submitted by data subjects pursuant to Regulation (EU) 679/2016, to comply in all cases with the applicable provisions on the prompt consideration and resolution of such requests, so that the controller ensures that it effectively follows up on requests exercising the rights of data subjects, and to conduct regular training of its own staff.

 

 

Legal and Communication Department

A.N.S.P.D.C.P.