Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR   

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR   

The National Supervisory Authority for Personal Data Processing, completed, in February of this year, an investigation at the operator Velvet Medical SRL and found a violation of the provisions of art. 12 para. (1) – (4) of the General Data Protection Regulation (GDPR), in relation to art. 15 para. (3) of the GDPR.

As such, the operator was penalized with a fine of 4,976.4 lei, the equivalent of 1,000 EURO .

The investigation was initiated following a complaint by the petitioner alleging the refusal of the operator Velvet Medical SRL to comply with his request to receive medical data, namely the documents from the medical file. Subsequently, the petitioner submitted a new request for access to his data, but the operator did not respond this time either.

During the investigation, the National Supervisory Authority found that Velvet Medical SRL did not present evidence showing that it responded to the petitioner’s request through which he had exercised his right of access to his medical data.

It was also found that the controller did not present evidence of communication of an appropriate and complete response to the second access request of the petitioner addressed to the controller, thus violating the provisions of art. 12 para. (1) – (4) of the GDPR, in relation to art. 15 para. (3) of the GDPR.

At the same time, pursuant to the provisions of art. 58 para. (2) letters c) and d) of Regulation (EU) 2016/679, the operator Velvet Medical SRL was also ordered to take the following corrective measures:

  • to send a complete response to the request of the petitioner, by e-mail, from the official address of the operator, by securely communicating the requested personal data, in accordance with the provisions of art. 15 para. (3) and (4) of the GDPR;
  • to ensure compliance with the GDPR of personal data processing operations, by adopting the necessary technical and organizational measures, including in terms of appropriate training of the personnel designated for this purpose, so that the operator is able to analyze, correctly resolve and respond appropriately to requests by which data subjects exercise their rights, within the deadlines and according to the conditions provided for in art. 12-23 of the GDPR.    

https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_27.02.2025&lang=ro

Redazione
27 February 2025

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

6 March, 2025

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

6 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

6 March, 2025

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

5 March, 2025

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

5 March, 2025

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

4 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

4 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

4 March, 2025

Android Security Updates (AL02/250304/CSIRT-ITA)

4 March, 2025

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

4 March, 2025

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

4 March, 2025

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

3 March, 2025

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

3 March, 2025

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

3 March, 2025

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

28 February, 2025

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

 ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

28 February, 2025

Advanced Research