23.12.2024

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in December 2024, an investigation at the controller Fan Courier Express S.R.L. and found a breach of Article 12 paragraphs (2), (3) and (4), by reference to the provisions of Article 15 paragraph (3) of Regulation (EU) 2016/679.

As such, the controller was sanctioned with a fine of 9,954 lei, the equivalent of 2,000 euros.

The investigation was initiated following a complaint submitted by an employee who reported a possible violation of Regulation (EU) 2016/679, as a result of the lack of an adequate and complete response from the controller to the request through which he exercised his right of access.

During the investigation, it was found that the controller Fan Courier Express S.R.L. failed to communicate to the data subject a copy of his personal data, as he had correctly requested through the request sent electronically to the controller's address, in accordance with the provisions of Article 15 paragraph (3) of the GDPR.

It was found that the controller delayed the resolution of the data subject’s request by directing it to another internal department, asking him to submit a new request at another location of the controller.

It was also noted that in the record system of the controller there was the e-mail address associated with the data subject for communications.

Consequently, it was found that the controller Fan Courier Express S.R.L. did not properly respect the petitioner’s right of access, thus infringing the provisions of Article 12 paragraphs (2), (3) and (4), by reference to Article 15 paragraph (3) of Regulation (EU) 2016/679 and it was fined.

The controller was also ordered to take the following corrective measures:

  • to send a complete response to the petitioner’s request by e-mail, by securely communicating the copy of his personal data from the controller’s record system;
  • to ensure compliance of personal data processing operations with Regulation (EU) 2016/679, by adopting the necessary technical and organisational measures, including the appropriate training of the personnel designated for this purpose, so that the controller is able to assess, correctly handle and appropriately respond to the requests through which data subjects exercise their rights.

Legal and Communication Department

A.N.S.P.D.C.P