Home » Comunicat_Presa_11_05_2023
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

11.05.2023

Sanction for the GDPR infringement

 

The National Supervisory Authority finalized in March 2023 an investigation at the controller Libra Internet Bank SA and found the breach of the provisions of Article 12 and Article 15 from Regulation (EU) 2016/679.

Therefore, the controller was sanctioned:

  1. with fine in amount of Lei 4,940.5 (the equivalent of EUR 1,000) for the breach of article 12 paragraph (4) in conjunction with article 15 paragraph (3) from Regulation (EU) 2016/679;
  2. with fine in amount of Lei 49,405 (the equivalent of EUR 10,000) for the breach of Article 12 paragraph (2) in conjunction with article 15 paragraphs (3) and (4) from Regulation (EU) 2016/679.

The investigation was started following a complaint through which it was reported the refusal of the controller to respond in full to the request for exercise of the right of access of the data subject, as well as the omission to provide some information to the latter.

Within the investigation the National Supervisory Authority found that Libra Internet Bank SA did not provide proofs from which to result that it provided a full answer to the request of the data subject, in relation to the request of the data subject based on the provisions of Article 15 paragraphs (1) and (2) from Regulation (EU) 2016/679, given that it did not provide a copy (under the form requested) of the personal data processed and did not provide the answer to the post address mentioned within the agreement, according to the request of the data subject, thus breaching the provisions of Article 15 paragraph (3) from Regulation (EU) 2016/679.

Also, it was found that the answer provided to the data subject by e-mail did not contain information on the possibility to submit a complaint before a supervisory authority and to submit a judicial recourse for the refusal to be provided a copy of the video recording requested, thus breaching the provisions of Article 12 paragraph (4) in conjunction with article 15 paragraph (3) from Regulation (EU) 2016/679.

With the same occasion, the National Supervisory Authority found that Libra Internet Bank SA did not present proofs from which to result that it has taken measures in order to facilitate the exercise of the right of access of the data subjects to the copy of the video recording concerning them, processed by the controller. Aspect that affected inclusively the manner of handling of the request of the claimant to the Authority. Therefore, it was found that the provisions of Article 12 paragraph (2) corroborated with Article 15 paragraphs (3) and (4) from Regulation (EU) 2016/679 were breached.  

At the same time, based on Article 58 paragraph (2) letter d) from Regulation (EU) 2016/679 also the following corrective measures were ordered to the controller:

  1. to respond to the request of the data subject, by communicating all the information provided under Article 15 paragraph (1) and (2) from Regulation (EU) 2016/679 and of the copy of the personal data provided under Article 15 paragraph (3) from the same regulation, adapted to the specific situation of the claimant, under the format requested by the latter, by post, to the correspondence data indicated by the latter;
  2. to adopt adequate technical and organizational measures, so as to facilitate the exercise of the rights of the data subjects, specifically of the right of access to a copy of the personal data that are subject to the processing, including, through the use of some information programs that would allow the editing of the information that can violate the rights of freedoms of other persons.

 

Legal and Communication Department

A.N.S.P.D.C.P