Uipath SRL – €70,000 Fine (Romania, 2023)

€70,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal21 August 2023Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Uipath SRL faced a fine of EUR 70,000 for a data breach that exposed personal information of 600,000 users. The Romanian data protection authority found that Uipath failed to take proper steps to protect this data. This case highlights the importance of implementing strong security measures to safeguard user information.

What happened

Uipath SRL was fined for failing to protect personal data, which was accessible through a URL due to inadequate security measures.

Who was affected

About 600,000 users of Uipath's academy platform had their personal information exposed.

What the authority found

The authority determined that Uipath did not implement sufficient technical and organizational measures to protect personal data, violating GDPR requirements.

Why this matters

This ruling emphasizes that companies must prioritize data security to prevent breaches. Small businesses should review their security practices to avoid similar issues.

GDPR Articles Cited

Art. 25(GDPR)
Art. 32(GDPR)
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Uipath SRL actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 70,000 on Uipath SRL. The controller had notified the DPA of a data breach pursuant to Art. 33 GDPR. During its investigation, the DPA found that personal data (first and last name, email address, employment details, etc.) of 600,000 users of the academy platform could unauthorizedly be accessed via a URL address. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data, which allowed such an incident to occur.

Related Enforcement Actions (0)

No other enforcement actions found for Uipath SRL in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 August 2023

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€70,000

Enforcement Tracker ID

ETid-2013

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Uipath SRL - Romania (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: