ROMANIAN SUPERVISORY AUTHORITY: sanction for having breached the GDPR

The National Supervisory Authority concluded an investigation in February into the operator S.C. Medicover S.R.L. and found a breach of the provisions of Article 32, paragraph 1, letter b) and paragraphs 2 and 4 of the General Data Protection Regulation.

The operator S.C. Medicover S.R.L. was fined 9.749,6 lei (2.000 euros).

The investigation started after the data controller submitted subsequent notifications of personal data breaches, which reported the unauthorized sharing of personal data such as: name and surname, CNP, serial number and IC number, IC address, mailing address, contact phone and email, i.e. name and health data, transmitted to natural persons other than the recipients, at the email address or postal address.

After the investigation, the Supervisory Authority found that the data controller had not implemented adequate technical and organizational measures to guarantee that each natural person acting under the data controller's authority has access to personal data. This led to the unauthorized sharing of personal data with natural persons other than the real recipients, at the email address or the postal address.

The following corrective measures were also imposed on the operator:

  • revising and updating all the technical and organizational measures implemented after the risk assessment for the rights and freedoms of individuals, including working procedures related to personal data protection, as well as implementing measures for the regular training of people acting under its authority regarding their obligations under the GDPR provisions, including the risks connected with personal data processing, keeping in mind the specific nature of the activity, including personal data protection procedures and staff training;
  • identifying and implementing measures to guarantee that the personal data processed are accurate and kept up to date in relation to the purposes for which they are processed, and that inaccurate personal data are deleted or rectified without undue delay (for example, a mechanism to verify the duration of the email address at the time of collection).

SOURCE: ROMANIAN DATA PROTECTION AUTHORITY
