On 18 September 2023, the Romanian DPA announced a fine of EUR 1,000 against an insurance company. This decision came in response to a complaint filed by a data subject regarding the violation of his right to object to receiving marketing messages from the company through LinkedIn.
The controller did not comply with the legal provisions regarding the processing of personal data, as it did not consider the requests of the data subject sent by e-mail, through which he expressed his preference not to be contacted with direct marketing messages without his consent.
The Romanian DPA also applied a corrective measure, which involves regular training of controller’s staff as well as adopting suitable and effective internal data protection procedures for handling requests submitted by data subjects. These procedures must respect the applicable provisions regarding the analysis and resolution of these requests without delay, so the controller can ensure that it effectively responds to the requests through which the rights of the data subjects are exercised.
The press release is available here (only in Romanian).