On 6 June 2023, the Romanian DPA announced a fine of EUR 3,000 for a controller in the beauty salon industry for failure to provide the information requested by the DPA during an investigation.
The investigation was initiated following a complaint lodged by a data subject who claimed that the controller was sending unsolicited SMS messages although the data subject had repeatedly exercised the right to erasure under the GDPR.
Thus, it was held that the controller breached the provisions of Article 83 (5) (e) GDPR for not providing the information requested by the DPA representatives.
The press release is available here (only in Romanian).