S.C. Medicover S.R.L. – €2,000 Fine (Romania, 2021)

€2,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal23 March 2021Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Romania fined S.C. Medicover S.R.L. EUR 2,000 for not protecting personal data properly. The company sent sensitive information like health data to the wrong people multiple times. This matters because it highlights the importance of having strong data security measures.

What happened

S.C. Medicover S.R.L. was fined for sending personal data, including health information, to incorrect recipients due to inadequate security measures.

Who was affected

Patients whose personal and health data were mistakenly sent to the wrong people.

What the authority found

The Romanian DPA found that S.C. Medicover S.R.L. failed to implement proper security measures, violating GDPR's requirements for data protection.

Why this matters

This case underscores the need for companies to have effective data protection systems to prevent unauthorized access and disclosure. Businesses should regularly review and update their security practices to comply with GDPR.

GDPR Articles Cited

Art. 32(1)(b) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll S.C. Medicover S.R.L. actions
Full Legal Summary
Detailed

In February, the Romanian DPA (ANSPDCP) closed an investigation against S.C. Medicover S.R.L. and found a violation of Art. 32 (1) b), (2), (4) GDPR. The DPA imposed a fine of EUR 2,000 on the controller. The investigation was initiated following successive notifications by the controller regarding personal data breaches related to unauthorized disclosure and unauthorized access to personal data such as name, correspondence address, email and health data of the data subjects. On several occasions, documents containing personal data had been sent to the wrong recipients. The DPA found that the incidents occurred due to the controller's failure to implement appropriate technical and organizational measures to protect the processing of personal data.

Related Enforcement Actions (0)

No other enforcement actions found for S.C. Medicover S.R.L. in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

23 March 2021

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€2,000

Enforcement Tracker ID

ETid-606

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. S.C. Medicover S.R.L. - Romania (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: