The Romanian DPA fines a software company EUR 4,000 for failure to ensure data security and non-compliance with a request for information during investigation

08.07.2022

On July 7, 2022, the Romanian DPA announced that it had sanctioned a software company with two fines totalling EUR 4,000 for non-compliance with the obligation to ensure data confidentiality, as well as failure to comply with the DPA's request for information.

During the investigation, the Romanian DPA found that the controller failed to implement adequate technical and organizational measures to ensure a level of security appropriate to the processing: it had made documents (such as invoices issued by the company to its customers and AWBs, i.e. transport documents) publicly available on its website. This led to a loss of confidentiality of the personal data of the controller's customers, consisting of name, surname, sender and recipient address, telephone number, username and password, and e-mail addresses.

Therefore, the company was sanctioned as follows:

  • with a fine of 1000 EURO, as the controller did not provide the information requested by the Authority;
  • with a fine of 3000 EURO, as the controller did not implement adequate technical and organizational measures in order to ensure a level of security corresponding to the processing risk.

The press release is available here (only in Romanian).