Vodafone România SA – €3,000 Fine (Romania, 2020)

€3,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal11 February 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone România SA was fined for sending personal data to the wrong email address while handling a customer's complaint. This mistake showed that the company didn't have strong enough security measures in place. This case highlights the importance of protecting customer information accurately.

What happened

Vodafone România SA transmitted personal data to an incorrect email address during a complaint process.

Who was affected

Customers whose personal data was mishandled by Vodafone România SA.

What the authority found

The authority found that Vodafone România SA failed to implement sufficient security measures, violating GDPR principles of accuracy and confidentiality.

Why this matters

This ruling emphasizes that companies must take strong security measures to protect personal data. It serves as a reminder for all businesses to regularly review their data handling practices.

GDPR Articles Cited

AI-verified

Art. 5(1)(d) GDPR
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 58(2)(d) GDPR
View original scraped data
Art. 5(1)(d) GDPR
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 58(2)(d) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
verified correct
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Vodafone România SA actions
Full Legal Summary
Detailed

The ANSPDCP carried out investigation against the Romanian telecommunication operator Vodafone România SA. The company transmitted personal data to inaccurate e-mail address while handling a data subject's complaint. Did the controller processed personal data in line with the GDPR principles? The ANSPDCP found that the company processed personal data without having implemented sufficient security measures. Thus it violated the principles of accuracy, integrity and confidentiality as laid down in Article 5(1)(d) and (f) GDPR read in conjunction with the principle of accountability according to Article 5(2) GDPR. The ANSPDCP imposed a fine of 14308.8 lei (equivalent to EUR. 3.000) and pursuant to Article 58(2)(d) GDPR it ordered the complany to put in place efficient technical and organisational measures within 30 days.

Related Enforcement Actions (3)

Other enforcement actions involving Vodafone România SA in RO

Current
Feb 2020

Fine

€3K

Fine
Nov 2020· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) imposed a fine in the amount of EUR 4,000 on Vodafone România SA. The fine was imposed as a result of complaints alleging t...

€4K
Fine
Nov 2021· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) has imposed a fine of EUR 2,900 on VODAFONE România S.A.. The company had reported a data breach to the DPA in accordance w...

€3K
Fine
Sept 2024· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA has imposed a fine of EUR 3,000 on Vodafone România SA for failing to respond to a data subject's request for access and deletion of ...

€3K

Details

Fine Date

11 February 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€3,000

GDPRhub ID

gdprhub-2209

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone România SA - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: