Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
ROMANIAN SUPERVISORY AUTHORITY: Penalty for breach of GDPR

ROMANIAN SUPERVISORY AUTHORITY: Penalty for breach of GDPR

The National Supervisory Authority for Personal Data Processing has completed an investigation at the controller VESTAS CEU ROMÂNIA SRL and found a breach of Article 32 para. (1) lit. b) and Art. 32 para. (2) and para. (4) of Regulation (EU) 2016/679.

As such, the controller was fined 14,928 lei (equivalent to 3,000 EUR).

The investigation was initiated following the transmission by the controller of a personal data breach notification under Article 33 of Regulation (EU) 2016/679.

The data breach occurred as a result of the unauthorised disclosure of personal data (name, place of residence, salary, CV (containing, as the case may be: photo, contact details, address, nationality, date of birth, gender, marital status, military service status, referrals to social media profiles, professional experience, education, technical skills), as well as copies of passports) for a significant number of employees, this data being accessed internally, repeatedly, and illegally disclosed to a third party.

The investigation found that the controller did not implement adequate technical and organisational measures to ensure a level of security appropriate to the risk presented by the processing, in particular, arising from unauthorised disclosure or unauthorised access to stored personal data.

At the same time, pursuant to Article 58 para. (2) letter d) of the GDPR, the corrective measure of implementing a solution to monitor the application of the working procedures implemented was also ordered against the operator VESTAS CEU ROMÂNIA SRL, in order to avoid similar security incidents.

https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_26.02.2024&lang=ro

Recommended to you

Advanced Research