Two new fines imposed by the Romanian DPA


On 30 July 2020, the Romanian DPA announced two controllers were fined for GDPR violations:

  • a EUR 2000 fine was imposed on a postal company for inadequate technical and organizational measures ensuring data security, which led to unauthorized disclosure of the data of 81 data subjects;
  • a EUR 2000 fine was imposed on a credit company for failure to comply with the data subjects’ rights provided under Article 12 (3)-(4) and 17 of the GDPR. A corrective measure was also applied to provide the data subject with an answer to the concerned erasure request.

The full press releases are available here and here (only in Romanian).