Sanatatea Press Group S.R.L. – €2,000 Fine (Romania, 2020)

€2,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal12 August 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Sanatatea Press Group mistakenly sent login information of 1,300 participants to the wrong email addresses during an online event. This breach exposed personal data, including names and email addresses. The fine of €2,000 emphasizes the need for companies to protect user information and ensure secure data handling.

What happened

Sanatatea Press Group accidentally disclosed the names and email addresses of 1,300 participants by sending their login data to incorrect email addresses.

Who was affected

The 1,300 participants who had their personal information disclosed without authorization.

What the authority found

The Romanian data protection authority determined that Sanatatea Press Group violated data protection rules by failing to secure personal data.

Why this matters

This incident underscores the critical need for companies to implement strong data security measures. It serves as a warning that even unintentional mistakes can lead to financial penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 16 March 2026
verified correct
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Sanatatea Press Group S.R.L. actions
Full Legal Summary
Detailed

In the context of an online event that it was organising, the data controller erroneously sent the login data of 1300 participants to other email addresses than the ones that the users had created their accounts with. The data breach led to the unauthorised disclosure of the names and email addresses of the data subjects. The data controller notified the ANSPDCP of the data breach, which triggered the DPA's investigation. Therefore, there was no dispute with regards to the presence of a security incident. The DPA held that the controller had breached its obligations under Articles 5(1)(f), as well as 32(1) and (2). As a consequence, the ANSPDCP issued an administrative fine of €2000 against Sanatatea Press Group S.R.L.

Related Enforcement Actions (1)

Other enforcement actions involving Sanatatea Press Group S.R.L. in RO

Current
Aug 2020

Fine

€2K

Fine
Sept 2020· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Sending the personal data collected for the registration for an online course to other participants due to a technical failure.

€2K

Details

Fine Date

12 August 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€2,000

GDPRhub ID

gdprhub-2685

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sanatatea Press Group S.R.L. - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: