SC CNTAR TAROM SA

€20K($22K USD)final

Date Issued

2019-11-29

Regulation

GDPR

Authority

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

Country

Romania

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

A fine of €20,000 was issued to the Romanian national airline Tarom because it failed to implement the necessary technical measures to ensure the security of personal information. As a consequence of these inadequate measures, a Tarom employee was able to access the flight booking application without authorization and see the personal data of 22 passengers, after which the employee took a photo of the list and made it public online.

Articles Violated

Art. 32 GDPR

View Source Document →

Other Fines for SC CNTAR TAROM SA

Date	Regulation	Amount (USD)	Type
2020-07-27	GDPR	$5,400	Failure to implement sufficient measures to ensure information security
2019-04-12	GDPR	$21,600	Failure to implement sufficient measures to ensure information security