ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

The National Supervisory Authority for Personal Data Processing completed, in February 2025, an investigation at the operator Noy Business Tranzactions SRL and found a violation of the provisions of art. 12 para. (1)-(4) in relation to art. 15 para. (3) and art. 17 of Regulation (EU) 2016/679.

As such, the operator was fined 4,977.3 lei (equivalent to 1,000 EURO).

The investigation was initiated following a complaint alleging a possible violation of the provisions of Regulation (EU) 2016/679. A customer complained that the operator had not responded to the request by which he exercised his right of access to his personal data (image), in which he asked for the video camera recordings covering the period of his stay at the hotel where he was accommodated, which belongs to the operator.

During the investigation, the National Supervisory Authority for Personal Data Processing found that the operator did not communicate within the legal deadline an adequate and complete written response to the person’s request, through which he had exercised both the right of access and the right to deletion of his data.

As such, it was established that the provisions of art. 12 para. (1)-(4) of Regulation (EU) 2016/679, in relation to art. 15 para. (3) and art. 17 of the same European act, were violated.

At the same time, the following corrective measures were also taken against the operator:

  • to send a complete response to the request of the data subject, to the contact details indicated by him/her, by securely communicating the requested personal data, to the extent that they are still available, as well as information regarding the deletion of the data, by referring to the provisions of art. 15 para. (3) and (4), art. 17, in conjunction with art. 12 of Regulation (EU) 2016/679;
  • to ensure that personal data processing operations comply with Regulation (EU) 2016/679, by adopting the necessary technical and organizational measures, including appropriate training of the personnel designated for this purpose, so that the operator is able to analyze, correctly resolve and respond appropriately to requests by which data subjects exercise their rights, within the time limits and according to the conditions provided for in art. 12-23 of Regulation (EU) 2016/679.

https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_11.03.2025&lang=ro
