Romania: ANSPDCP fines World Class România €2,000 for data security violation
The National Supervisory Authority for Personal Data Processing ('ANSPDCP') announced, on 7 May 2021, its decision to fine World Class România S.A. RON 9,851 (approx. €2,000) for posting an employee's resignation request on a company Whatsapp chat, in violation of Article 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the ANSPDCP outlined that, in posting this information, World Class România had allowed unauthorised access to all members of that WhatsApp group to certain personal data of the employee in question, including their name, surname, address, identity card information, and information related to the request for termination of employment.
The ANSPDCP, therefore, found that World Class România had failed to implement sufficient technical and organisational measures to ensure the confidentiality of the personal data of the data subject, and, in addition to the financial penalty, ordered World Class România to ensure compliance with the GDPR by implementing technical and organisational measures, including regular employee training, within 30 days.
You can read the press release here.