Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Romania: ANSPDCP fines Banca Transilvania €100,000 for inadequate security measures

The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 17 December 2020, its decision to fine Banca Transilvania SA RON 487,380 (approx. €100,000) as a result of a violation of Article 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), relating to the controller's responsibility to ensure integrity and confidentiality of data, and Article 32 of the GDPR for inadequate security measures. In particular, the ANSPDCP highlighted that, further to complaints regarding the breach of confidentiality and failure to secure data, it investigated the company, and found that a listed document containing a client's statement, as well as an email containing the internal conversation between the company's employees was posted on Facebook and a website. More specifically, the ANSPDCP noted that the circulation of this listed document led to the unauthorised disclosure of personal data of four individuals and that the company had failed to take adequate technical and organisational security measure to safeguard data. 

You can read the announcement, only available in Romanian, here.