On 15 March 2023, the Romanian DPA announced it sanctioned a political party with a fine of EUR 10,000 for non-compliance with the data protection principles related to data minimization and accountability.
The investigation was launched following the receipt of data subjects’ notices complaining that the controller was collecting personal data through its website without providing the data subjects with relevant information on the processing and without fulfilling the conditions for legal processing.
As a result of the investigation, it was found that several personal data were collected by filling in and signing the online form on the respective website, by sending the physical form by post, and by completing and signing it at the special centers of the said political party. Such data consisted of the name, surname, address, series and number of the identity card, personal numerical code (“CNP” in Romanian), telephone number, and signature of the data subjects.
The press release is available here (only in Romanian).