The National Supervisory Authority for the Processing of Personal Data completed an investigation at the operator PPC Energie Muntenia SA and found a violation of the provisions of art. 17 of Regulation (EU) 2016/679.

As such, the operator was penalized with a fine of 4,977.1 lei (the equivalent of 1,000 EURO).

The investigation was started as a result of a complaint submitted by a concerned person who indicated that he had received unsolicited commercial messages on his e-mail address.

During the investigation, it was found that the person concerned exercised his right of deletion several times regarding the termination of the processing of his e-mail address by the operator.

Although the data subject has received confirmation that the said e-mail address will no longer be used for the indicated place of consumption and will be deleted from the database, and the account created with the petitioner’s e-mail address has been deleted, the operator continued to send electronic messages.

As such, the operator did not comply with the client’s requests by which he requested the termination of processing by deleting his e-mail from this database, thus violating the provisions of art. 17 of Regulation (EU) 2016/679.

At the same time, pursuant to art. 58 para. (2) lit. c) of the RGPD, it was decided against the operator and the corrective measure to review/update/implement some internal procedures regarding the way to resolve the requests submitted by the persons concerned pursuant to art. 12-22 of Regulation (EU) 679/2016, compliance in all cases with the applicable provisions regarding the analysis and resolution of these requests without delay, so that the operator ensures that it effectively responds to the requests through which the rights of the persons concerned are exercised, as well as regular training of the operator’s staff in this regard.

https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_08_11_2024&lang=ro