Home » Comunicat_Presa_17_12_2024
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

17.12.2024

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in November 2024, an investigation at the controller UNICREDIT CONSUMER FINANCING IFN S.A.  and found the infringement of Article 6 paragraph (1) in conjunction with the provisions of Article 5 paragraph (1) letters a) and f), of paragraph (2) and of Article 32 paragraph (4) of Regulation (EU) 2016/679.

For the committed act, the controller was fined with 24,885 lei, the equivalent of 5,000 euros.

The investigation was started as a result of the transmission by the controller UNICREDIT CONSUMER FINANCING IFN S.A. of a personal data breach notification, based on its obligation according to the provisions of Article 33 of Regulation (EU) 2016/679.

It was reported that personal data such as: name, surname, function, signature belonging to certain data subjects (former employees) were processed by including them in certain contractual documents and used in the relationship with the controllers’ customers and collaborators, although their individual employment contracts were terminated.

During the investigation, it was found that controller UNICREDIT CONSUMER FINANCING IFN S.A. processed the personal data of some former employees, as a result of some operational errors, in violation of the principles provided by the Regulation.

At the same time, it was found that the controller did not responsibly monitor the application of the procedures which ensure the confidentiality and the security of the personal data, which led to the use of some versions of documents with non-updated signatories.

In this context, the processing of personal data was carried out without a legal basis, in violation of the processing principles related to legality, security and protection against unauthorised or illegal processing.

For this deed, the controller was fined for infringing the provisions of Article 6 paragraph (1) of Regulation (EU) 2016/679 in conjunction with the provisions of Article 5 paragraph (1) letters a) and f), or paragraph (2) and of Article 32 paragraph (4).

At the same time, the corrective measure of implementing a plan to monitor the application of the procedures so as to ensure the compliance with the provisions of the Regulation at all times, also in regards to the processing of personal data of employees who terminate the contractual employment relationship with UNICREDIT CONSUMER FINANCING IFN S.A., was ordered.

The controller has paid the established fine.

Legal and Communication Department

A.N.S.P.D.C.P