Romania: ANSPDCP fines Vodafone Romania €3,000 for GDPR violations
The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 18 March 2020, its decision ('the Decision) to impose a fine of €3,000 on Vodafone Romania SA for violating Article 5(1)(d) and (f), and 5(2) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). More specifically, the Decision highlights that Vodafone Romania mistakenly processed the personal data of an individual in order to resolve his complaint, subsequently sent to an incorrect e-mail address, not having taken sufficient security measures against the illegal processing of the data. In addition, the Decision notes that Vodafone Romania was subsequently ordered to put in place adequate and efficient security measures from a technical and organisational point of view, including the regular training of individuals. Finally, ANSPDCP outlines the obligations of data controllers under Article 5(1)(d) and (f) of the GDPR, namely compliance with the principles of accuracy, integrity, and confidentiality, and Article 5(2) relating to the demonstration of such compliance.
You can read the Decision here.