Home » Comunicat_Presa_16_09_2024
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

16.09.2024

Sanctions for the infringement of the GDPR

 

The National Supervisory Authority for Personal Data Processing closed investigations on two data controllers and found the violation of Article 12 (3), Article 15 and Article 17 of the General Data Protection Regulation (GDPR).

The data controllers have received the following sanctions:

1. The data controller Vodafone România SA was sanctioned with an administrative fine in the amount of 14,930 RON (the equivalent of 3,000 EUR).

The sanction was imposed following a complaint that the controller failed to respond to the complainant’s request to exercise their rights of access and erasure under the GDPR.

During the investigation, the National Supervising Authority found that Vodafone România SA had not submitted any proof that it sent a reply to the complainant’s request to their rights of access and erasure within 30 days, the reply having been communicated to them by the controller after our institution had taken the appropriate steps.

In this context, the data controller Vodafone România SRL was sanctioned with a fine for the violation of Article 12 (3), Article 15 and Article 17 of the GDPR.

At the same time, a corrective measure has been imposed on the data controller Vodafone România SA, consisting of adopting internal procedures for handling requests of data subjects pursuant to the GDPR (Article 12-22), complying at all times to the applicable provisions concerning the prompt consideration and handling of such requests and the provision of replies to data subjects within the legal deadlines, as well as to train staff regularly.

2. The data controller SC Class IT Outsourcing SRL was sanctioned with an administrative fine in the amount of 4,976.7 RON (the equivalent of 1,000 EUR).

The sanction was imposed following a complaint that the controller failed to respond to the complainant’s request to exercise their right to erasure.

During the investigation, the National Supervising Authority found that SC Class IT Outsourcing SRL had not submitted any proof that it sent a reply to the complainant’s request to their right to erasure within 30 days, the reply having been communicated to them by the controller after our institution had taken the appropriate steps.

In this context, the data controller SC Class IT Outsourcing SRL was sanctioned with a fine for the violation of Article 12 (3) and Article 17 of the GDPR.

At the same time, a corrective measure has been imposed on the data controller, consisting of adopting internal procedures for handling requests of data subjects pursuant to the GDPR (Article 12-22), complying at all times to the applicable provisions concerning the prompt consideration and resolution of such requests and the provision of replies to data subjects within the legal deadlines, as well as to train staff regularly.

 

Legal and Communication Department

A.N.S.P.D.C.P.