Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Romania: ANSPDCP fines Vodafone Romania €3,000 for GDPR violations

The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 18 March 2020, its decision ('the Decision) to impose a fine of €3,000 on Vodafone Romania SA for violating Article 5(1)(d) and (f), and 5(2) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). More specifically, the Decision highlights that Vodafone Romania mistakenly processed the personal data of an individual in order to resolve his complaint, subsequently sent to an incorrect e-mail address, not having taken sufficient security measures against the illegal processing of the data. In addition, the Decision notes that Vodafone Romania was subsequently ordered to put in place adequate and efficient security measures from a technical and organisational point of view, including the regular training of individuals. Finally, ANSPDCP outlines the obligations of data controllers under Article 5(1)(d) and (f) of the GDPR, namely compliance with the principles of accuracy, integrity, and confidentiality, and Article 5(2) relating to the demonstration of such compliance.

You can read the Decision here.