On December 10, 2025, the Romanian DPA concluded an investigation into a gambling company. The DPA found that the company had violated its obligation on data subject rights, particularly, the obligations regarding the right of access, and consequently issued an administrative fine amounting to RON equivalent of EUR 15,000.
The investigation was initiated following a complaint from a data subject who was dissatisfied with how their request for access to personal data had been handled by the controller.
During the inquiry, the DPA found that the company had failed to provide evidence showing that it had communicated, in writing and within the legal timeframe, a complete and appropriate response to the data subject’s request concerning personal data from their player accounts, including self-exclusion information.
The press release is available here (Romanian language only).
