Romania: ANSPDCP fines Proleasing Motors €15,000 for inadequate data security measures
The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 9 July 2020, its decision to fine Proleasing Motors SRL RON 72,642 (approx. €15,000) for failing to implement adequate technical and organisational measures in accordance with Articles 32(1) and (2) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the ANSPDCP outlined that their investigation concerned a breach notification following the operator's post on Facebook of a document which indicated a password to access the forms completed by contest participants, thereby leading to the unauthorised access to personal data of 436 customers. Further to the same, the ANSPDCP highlighted Proleasing Motors were fined for failing to implement adequate technical and organisational measures to ensure data security and requested the taking of remedial action to review the same measures in order to mitigate any risks of unauthorised disclosure.
You can read the announcement, only available in Romanian, here.