The National Supervisory Authority has concluded an investigation on a natural person and has revealed a breach of the disposals of the article 5, paragraph 1, letter a) and b), and paragraph 2, mentioned into the article 6, paragraph 1, as well as what is mentioned into the article 13, paragraphs 1 and 3, and article 32, paragraph 2, of the General Data Protection Regulation.
The natural person, as an operator, has been sanctioned with a sanction of 974,96 lei (200 Euro).
The investigation has been started after the reception of different complainants that into the website, by filling a form generate a declaration under its own responsibility necessary in order to leave the habilitation during the emergency status, some personal data, like name, surname, parent’s name, residence, personal numerical code, series and ID number, address of the house, place of trip, the purpose and signature.
During investigation, the National Supervisory Authority has detected that thedata controller has not presented any proof in order to demonstrate to have legally processed personal data, recollected and stored on the website.
At the same time, it has been revealed that it has not provided any proofs that demonstrated to have provided information to data subjects on the processing of their personal data on the same website.
The data controller (natural person), in addition, has not implemented adequate security measures in order to guarantee that the file which include personal data of data subject is not subjected to processing risks, generated in particularly, accidentally or illegally, by disruption, loss, change, no authorized access or sharing to persona data transmitted, stored or processed.