Home » Comunicat_Presa_17_02_2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

17.02.2025

Sanction for the breach of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in January current year, an investigation at the controller Meedea Construct Prest SRL and found the breach of Article 5 paragraph (1) letters a) b) and f) and of paragraph (2) in conjunction with Articles 6 and 9 of Regulation (EU) 2016/679.

As such, the controller was sanctioned:

  • with fine of 9,949.5 lei (the equivalent of 2,000 euros).

The investigation was started as a result of a complaints submitted by a natural person who complained that the controller Meedea Construct Prest SRL (former employer) disclosed documents related to his employment (copy of the individual employment contract, skills sheet, a medical certificate) to another third party and that third party used them in a litigation in court.

During the investigation, it was found that the controller Meedea Construct Prest SRL disclosed personal and health data belonging to the petitioner (former employee), such as: name, first name, address, identity card number and series, personal identification number, position/job/occupation, signature, date of birth, home address, medical conditions, signature and doctor’s initials, without complying with the legal conditions.

In this context, the provisions of Article 5 paragraph (1) letters a), b) and f) and paragraph (2), Articles 6 and 9 of the GDPR regarding the principles and legality of personal data processing were infringed, thus the controller being fined.

At the same time, based on the provisions of Article 58 paragraph (2) letter b) of Regulation (EU) 2016/679, the controller was ordered the corrective measure to ensures the compliance of collection and further processing operations of personal data with the GDPR, so as to avoid accessing and disclosing personal data processed by infringing the principles and the conditions of legality; in this way, the application of appropriate security and confidentiality measures shall also be taken into account, by establishing written procedures and regular training of persons who process data under the controller’s authority.

 

Legal and Communication Department

A.N.S.P.D.C.P