On 13 May 2021, the Romanian DPA announced a fine of EUR 2,000 was imposed against a controller in the telecommunication sector for failure to ensure the right to object. Further to this, the DPA issued a warning against the same for breaching the GDPR lawfulness requirements.
The investigation was launched following the receipt of the affected data subject’s complaint regarding phone calls received for marketing purposes, despite the withdrawal of consent for the processing of personal data upon termination of the contractual relationship with the said controller. During the investigation, the DPA found that subsequently, the petitioner exercised the right to object to the processing of personal data for marketing purposes and requested the erasure of his/her telephone number and e-mail address. Nonetheless, the petitioner was called again by a controller’s representative for marketing purposes. Only after the second objection request did the controller inform the petitioner of the deletion of his/her telephone number and e-mail address, confirming, at the same time, that the phone call following the first objection request was made due to a human error.
Therefore, the DPA concluded that the said controller failed to comply with both GDPR Article 6 (Lawfulness of processing) and Article 21 (Right to object).
The full press release is available here (only in Romanian).