Kredyt Inkaso Investments RO S.A – €5,000 Fine (Romania, 2022)

€5,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal18 May 2022Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Romanian company, Kredyt Inkaso Investments RO S.A, was fined EUR 5,000 for sharing personal data without permission. They also failed to report a data breach on time. This case highlights the importance of handling personal data responsibly and notifying authorities promptly when breaches occur.

What happened

Kredyt Inkaso Investments RO S.A disclosed personal data to medical institutions without authorization.

Who was affected

Individuals whose personal data, including home address and professional status, were shared without consent.

What the authority found

The Romanian DPA found that Kredyt Inkaso Investments RO S.A violated GDPR by sharing data without a valid legal basis and failing to report a data breach promptly.

Why this matters

This case underscores the need for companies to ensure they have a valid reason for processing personal data and to report breaches quickly. It serves as a reminder to businesses to review their data handling and breach notification procedures.

GDPR Articles Cited

Art. 5(GDPR)
Art. 6(GDPR)
Art. 9(GDPR)
Art. 33(GDPR)
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Kredyt Inkaso Investments RO S.A actions
Full Legal Summary
Detailed

The Romanian DPA has fined Kredyt Inkaso Investments RO S.A. EUR 5,000. A data subject had filed a complaint with the DPA against the controller for having disclosed their personal data and that of their minor child to medical institutions without authorization and without the data subject having any relationship with the institutions. During its investigation, the DPA found that the controller had disclosed data such as home address, professional status, as well as data from the employment contract. In addition, the DPA found that the controller had not notified the DPA of the data breach in a timely manner required by Art. 33 GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for Kredyt Inkaso Investments RO S.A in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

18 May 2022

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€5,000

Enforcement Tracker ID

ETid-1170

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Kredyt Inkaso Investments RO S.A - Romania (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: