Hora Credit IFN SA – €14,000 Fine (Romania, 2019)

€14,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal10 December 2019Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Hora Credit IFN SA was fined for sending personal data to the wrong email address and failing to report the breach. This case is important because it shows the need for strong data verification processes and timely breach notifications. Companies must ensure data accuracy and report breaches quickly to avoid penalties.

What happened

Hora Credit IFN SA sent personal data to an incorrect email address and did not report the breach in time.

Who was affected

Individuals whose personal data was mistakenly sent to the wrong email address.

What the authority found

The Romanian authority fined Hora Credit IFN SA for inadequate data verification, insufficient security measures, and failing to report a data breach within 72 hours, violating GDPR Articles 5, 25, 32, and 33.

Why this matters

This case highlights the critical need for companies to implement effective data validation and security measures. It also stresses the importance of timely breach notifications, reminding businesses of their responsibilities under GDPR to protect personal data and report incidents promptly.

GDPR Articles Cited

Art. 5 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 33 GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Hora Credit IFN SA actions
Full Legal Summary
Detailed

The sanctions were applied as a result of a complaint alleging that Hora Credit IFN SA transmitted documents containing personal data of another person to a wrong e-mail address. Following the investigation it was found that Hora Credit IFN SA processed the data without providing effective mechanisms for verifying and validating the accuracy of the data collected processed according to the principles set out in art. 5 of the GDPR. It was also found that the operator did not take sufficient security measures for personal data, according to art. 25 and 32 of the GDPR, so as to avoid unauthorized and accessible disclosure of personal data to third parties. At the same time, Hora Credit IFN SA did not notify the Supervisory Authority of the security incident that was brought to its notice, according to art. 33 of the GDPR, within 72 hours from the date it became aware of it. The fine consists of three partial fines of EUR 3000, EUR 10000 and EUR 1000.

Related Enforcement Actions (1)

Other enforcement actions involving Hora Credit IFN SA in RO

Current
Dec 2019

Fine

€14K

Fine
Dec 2023· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA imposed a fine of EUR 24,000 on Hora Credit IFN SA. The controller had accidentally sent documents containing the personal data of an...

€24K

Details

Fine Date

10 December 2019

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€14,000

Enforcement Tracker ID

ETid-176

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hora Credit IFN SA - Romania (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: