Home » Comunicat_Presa_07_09_2023
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

07.09.2023

 

Sanction for the GDPR infringement

 

The National Supervisory Authority for Personal Data Processing finalized in August 2023 an investigation at the controller ISRA Center Marketing Research SRL and found the breach of the provisions of Article 14 paragraph (2) letter f), Article 17 paragraph (1) letter c) and of Article 21 paragraph (1) from Regulation (EU) 2016/679.

The controller was sanctioned with two fines in total amount of Lei 9,898, the equivalent of EUR 2,000.

The investigation was started following a complaint submitted by a natural person that reported the fact that the controller sends him/her unsolicited messages on the e-mail address.

Within the investigation performed, the National Supervisory Authority found that ISRA Center Marketing Research SRL collected the personal data of the data subject (for example, the first name, last name, e-mail address, workplace) indirectly, from public sources, for the purpose of a proposal to participate at a market research.

Therefore, within the investigation, it resulted that the controller did not present proofs from which to result that it ensured a clear and complete information of the person whose personal data it collected from public sources, omitting to provide all the information provided under Article 14 from Regulation (EU) 2016/679, such as the collection source for the data (Article 14 paragraph (2) letter f)). Also, it was found that the source for the collection of the data was not clearly presented neither within the information available on the website of the controller.

Also, within the investigation, it resulted that ISRA Center Marketing Research SRL did not take the necessary measures to handle the request for the exercise the right to object to the processing of the data. Thus, the controller continued to process the data of the claimant by sending a new message, the provisions of Article 17 paragraph (1) letter c) and of Article 21 paragraph (1) from Regulation (EU) 2016/679 being thus breached.

Also, according to the provisions of Article 58 paragraph (2) letter d) from Regulation (EU) 2016/679, also the following corrective measures were applied to the controller:

  • to ensure the compliance with Regulation (EU) 2016/679 of the operations for the processing of personal data, by ensuring a clear and complete information of the data subjects, both on its own website and within other documents provided directly to the data subjects, by providing all the information mentioned under Articles 13 and 14, as the case may be, with the observance of the transparency conditions provided under Article 12 from the same Regulation;
  • To analyze the lawfulness of the personal data previously collected from other sources than directly from the data subjects and to eliminate from the evidence system, as the case may be, the personal data which processing was not performed with the observance of all the provisions of Regulation (EU) 2016/679.

We mention that the controller paid the countervalue of the sanctions imposed.

 

Legal and Communication Department

A.N.S.P.D.C.P.