ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR


The National Supervisory Authority for the Processing of Personal Data completed, in December 2024, an investigation at the operator SPEEH HIDROELECTRICA SA and found a violation of art. 25 para. (1) and para. (2) of Regulation (EU) 2016/679.

As such, the operator was fined 74,562 Lei (equivalent to 15,000 Euros).

The investigation was initiated following the transmission by the operator SPEEH HIDROELECTRICA SA of a notification of a personal data breach, according to the provisions of art. 33 of Regulation (EU) 2016/679.

During the investigation, it was found that the personal data security breach occurred within the operator's application at the time of its launch, as a result of a technical error and of the failure to sufficiently test the application in a test environment that would simulate the real usage environment in all processes and interactions with other applications used by the operator.

This situation led to the loss of integrity and availability of personal data, and to the unauthorized disclosure of and/or unauthorized access to personal data belonging to a significant number of data subjects.

Consequently, since the operator did not process personal data in a manner that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures, it was fined for violating the provisions of art. 25 para. (1) and para. (2) of Regulation (EU) 2016/679.

At the same time, the operator was ordered, as a corrective measure, to implement, technically and procedurally, a test plan in the test environment that would simulate the real production scenario in all plausible situations in the production environment, prior to the launch into production of all components/applications intended to be introduced within activities that include personal data processing.

The operator paid the established misdemeanor fine.

https://www.dataprotection.ro/index.jsp?page=Comunicat_Presa_31.01.2025_1&lang=ro
