On 4 March 2021, the Romanian DPA announced a fine of EUR 500 was imposed against a private individual (qualified as controller) for publishing a list of 10 electoral supporters on a social media platform, disclosing their name and surname, signature, citizenship, date of birth, address, identity card’s series and number, and political option.
The DPA sanctioned the controller for failing to implement appropriate technical and organizational measures to ensure the security of personal data, to comply with the principle of integrity and confidentiality, and to respond to DPA’s requests. Moreover, the DPA ordered the controller to delete the list of electoral supporters from the social media platform on which it was posted.
The press release is available here (only in Romanian).