Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
152 fines found
Total: $1.6M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2023-03-06 | Integral Collection SRL | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b), c) GDPR, Art. 32 (2) GDPR |
| 2022-06-15 | S.C. Wine Point S.R.L. | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b) GDPR |
| 2020-04-23 | Telekom Romania Communications SA | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-07-05 | Legal Company & Tax Hub SRL | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | The company had not imposed sufficient security measures, which led to the unaut...The company had not imposed sufficient security measures, which led to the unauthorized access of personal information related to the people who had made transactions with the website avocatoo.ro. This information includes names, emails, phone numbers, jobs, surnames, mailing addresses, and transaction details). Documents dated 10th of November 2018 – 1st of February 2019 had become publicly accessible to anyone. The company was sanctioned following a notification by the National Supervisory Authority when transaction details were publicly accessible via two links. Articles: Art. 32 GDPR |
| 2023-04-19 | Partidul Uniunea Salvați România | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b) GDPR, Art. 6 GDPR |
| 2019-07-05 | Legal Company & Tax Hub SRL | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-02-22 | IAMSAT Muntenia SA | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | --Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 21 GDPR |
| 2021-11-14 | Vodafone România SA | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b) GDPR, Art. 32 (2) GDPR, Art. 3 (1) Law No. 506/2004, Art. 3 (3) a), b) Law No. 506/2004 |
| 2019-10-17 | UTTIS INDUSTRIES | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Information obligation non-compliance | A controller was sanctioned because he had unlawfully processed the personal dat...A controller was sanctioned because he had unlawfully processed the personal data (CNP), and images of employees obtained through the surveillance system. The disclosure of the CNP in a report for the ISCIR training in 2018 wasn’t legal, as per Art.6 GDPR. Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 5 (1) c) GDPR, Art. 6 GDPR |
| 2019-10-17 | UTTIS INDUSTRIES | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Information obligation non-compliance | --Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 5 (1) c) GDPR, Art. 6 GDPR |
| 2019-11-29 | Royal President S.R.L. | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Information obligation non-compliance | The pension Royal President near Bucharest was fined €2,500 after it refused to ...The pension Royal President near Bucharest was fined €2,500 after it refused to process a request for the exercise of the right of access. The Romanian Data Processing Authority also determined that customers’ personal data was not processed in accordance with GDPR principles. Articles: Art. 12 GDPR, Art. 15 GDPR |
| 2019-11-29 | Royal President S.R.L. | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Information obligation non-compliance | --Articles: Art. 12 GDPR, Art. 15 GDPR |
| 2023-03-06 | Finopro IFN SA | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b), c) GDPR, Art. 32 (2) GDPR |
| 2022-06-30 | Continental Automotive Romania SRL | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 24 GDPR, Art. 32 (1) d) GDPR |
| 2022-06-03 | Kaufland Romania SCS | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 29 GDPR, Art. 32 (1) b) GDPR, Art. 32 (2), (4) GDPR |
| 2022-08-04 | Sephora Cosmetics România SA | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 21 GDPR |
| 2019-11-22 | BNP Paribas SA | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Information obligation non-compliance | BNP Paribas Personal Finance was requested to erase personal data of a client an...BNP Paribas Personal Finance was requested to erase personal data of a client and it did not do so during the timeframe required by GDPR legislation. Articles: Art. 12 GDPR, Art. 17 GDPR |
| 2019-12-02 | Nicola Medical Team 17 SRL | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-cooperation with Data Protection Authority | The company did not comply with measures imposed by the Data Protection Authorit...The company did not comply with measures imposed by the Data Protection Authority. Articles: Art. 58 GDPR |
| 2019-12-16 | Globus Score SRL | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-cooperation with Data Protection Authority | The company did not comply with measures imposed by the Data Protection Authorit...The company did not comply with measures imposed by the Data Protection Authority. Articles: Art. 58 GDPR |
| 2019-12-18 | Telekom Romania | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | The company did not ensure the accuracy of the processing of personal data. This...The company did not ensure the accuracy of the processing of personal data. This resulted in the disclosure of a client’s personal data to a different client. Articles: Art. 32 GDPR |
| 2020-03-25 | SOS Infertility Association | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-cooperation with Data Protection Authority | The SOS Infertility Association failed to provide the necessary data to the data...The SOS Infertility Association failed to provide the necessary data to the data protection authority after it had unlawfully processed personal data of its clients. Articles: Art. 58 GDPR |
| 2022-09-22 | Bitfactor SRL | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information | --Articles: Art. 25 (1) GDPR, Art. 32 (1), (2) GDPR |
| 2022-09-19 | Banca Comercială Română SA | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information | --Articles: Art. 25 (1) GDPR, Art. 32 (1) b), d), e) GDPR |
| 2022-11-07 | Romanian Post | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) b), (2) GDPR |
| 2022-09-09 | SC Raiffeisen Bank SA | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 (1) d) GDPR |