Romania: ANSPDCP fines Banca Comercială Română €5,000 for failure to ensure security of processing
The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 5 May 2020, that it had fined Banca Comercială Română SA RON 24,163.50 (approx. €5,000) for violating its obligation to ensure security of data processing under Article 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the ANSPDCP noted that Banca Comercială Română had not implemented adequate technical and organisational measures to ensure an adequate level of security in light of the risk of the data processing. In addition, the ANSPDCP found that the collection and transmission to the operator via WhatsApp of copies of customers' identity documents constituted a violation of the internal working procedure.
You can read the press release, only available in Romanian, here.