The National Supervisory Authority ended, on March, an investigation at the operator Lugera & Makler Broker SRL, by noticing that breach of the article 29 and the article 32, paragraphs 2 and 4 of the General Data Protection Regulation.
For this reason, the operator Lugera & Makler Broker SRL has been sanctioned with a fine of 7.331,85 Lei (which are 1.500 euros).
The investigation started after a notification received by a natural person of a personal data breach presented by Raiffeisen Bank SA, from which results that Lugera & Makler Broker SRL (the person authorized by the operator Raiffeisen Bank SA) has not delivered to Raiffeisen Bank SA the document concerned the required activities carried out by one of its employees, because they were disrupted.
During the investigation, the National Supervisory Authority has detected that the operator Lugera & Makler Broker SRL (as person authorized by Raiffeisen Bank SA) has not adopted measures in order to guarantee that any natural person that acts under its authority and that has the access to personal data only under its permission and has not implemented adequate technical and organizational measures in order to guarantee a security level which was adequate to the risk of a particular personal processing, accidentally or illegally, by disruption, loss, alteration, no authorized disclosure or no authorized access of personal data shared, stored or processed.
In addition, after the execution of 1372 prescriptions by a sales agent, employee of the Lugera & Makler Broker SRL, 1058 data subjects were interested by the security accident, because the original documentation related to the prescription was not provided by the agent, but disrupted, it has also generated the security accident notified by Raiffeisen Bank to ANSPDCP, by breaching the disposals of the articles 29 and 32, paragraphs 2 and 4 of the General Data Protection Regulation.