S.C. Marsorom S.R.L. – €3,000 Fine (Romania, 2020)

€3,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal21 September 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Romanian company was fined for exposing customer data on its website. Customers' personal information was visible without authorization when they placed orders. This case shows the need for businesses to protect customer data and follow proper storage practices.

What happened

The company allowed some personal data of its customers to be accessed without authorization on its website.

Who was affected

Customers who placed orders on the website and had their personal data exposed.

What the authority found

The authority determined that the company failed to take adequate measures to protect customer data and did not comply with data storage rules.

Why this matters

This case highlights the importance of implementing strong security measures to protect customer data. Companies should regularly review their data handling practices to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 25(GDPR)
Art. 32(GDPR)
Art. 5(1)(e) GDPR
View original scraped data
Art. 5(1)(e) GDPR
Art. 25(GDPR)
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
verified correct
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll S.C. Marsorom S.R.L. actions
Full Legal Summary
Detailed

The DPA conducted the investigation after being notified that on the website in question, some personal data of the website's customers were visible. If customers placed an order on the website, some of their personal data could be accessed without authorisation. Did the website operator, in its role as data controller, take sufficient technical and organisational measures to protect the personal data of its customers? Furthermore, did the controller act in breach of the storage limitation principle? The ANSPDCP held that the controller failed to take appropriate measures and breached the storage limitation principle enshrined in Article 5(1)(e) GDPR, and also failed to fulfill its obligation under Articles 25 and 32 GDPR. Consequently, the DPA issued a €3000 fine and recommended the website operator to establish a shorter storage period for the personal data associated with the accounts of its customers.

Related Enforcement Actions (1)

Other enforcement actions involving S.C. Marsorom S.R.L. in RO

Current
Sept 2020

Fine

€3K

Fine
Oct 2020· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Disclosure of personal data of customers on the companies website due to inadequate technical and organisational measures to ensure information securi...

€3K

Details

Fine Date

21 September 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€3,000

GDPRhub ID

gdprhub-2806

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. S.C. Marsorom S.R.L. - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: