On 27 July 2020, following a data breach notification, the Romanian Data Protection Authority announced a fine of EUR 5,000 was imposed on an operator in the transport sector for failure to comply with the security of processing requirements provided under Article 32 para. (1), (2) and (4) of the GDPR.
A set of corrective measures was also applied to (i) review and update the technical and organizational measures ensuring data security and to (ii) regularly train the employees handling personal data.
The full press release is available here (only in Romanian).