On 16 June 2021, the Romanian DPA announced it imposed another fine of EUR 2,000 to a controller in the retail sector for not providing the DPA with the information requested after a data subject filed a complaint alleging the lack of response to a data erasure request.
Following the investigation, the Romanian DPA found that the controller in question had failed to adopt measures to ensure the effective exercise of data subjects’ rights, which led the complainant’s request for deletion of personal data to remain unresolved. Consequently, the controller was sanctioned with a warning.
Moreover, the Romanian DPA also applied two corrective measures for the said controller to provide information on the measures taken to delete the data collected without the complainant’s express consent, and to facilitate the exercise of the data subjects’ rights, by providing valid contact details, including a functional e-mail address, which will be made public on the controller’s website.
The full press release is available here (only in Romanian).