Rompetrol Downstream SRL – €110,000 Fine (Romania, 2023)

€110,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal13 November 2023Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Rompetrol Downstream SRL faced a €110,000 fine after a data breach allowed unauthorized access to customer data. This incident is significant because it emphasizes the need for companies to implement strong security measures to protect personal information.

What happened

Rompetrol suffered a data breach where customer data was accessed and used without authorization.

Who was affected

Customers whose personal data, including identity card numbers and addresses, was accessed during the breach.

What the authority found

The Romanian DPA found that Rompetrol did not take adequate security measures to protect personal data, violating GDPR security requirements.

Why this matters

This ruling serves as a reminder for companies to prioritize data security and implement effective measures to prevent unauthorized access. It reflects a growing trend of accountability for businesses in protecting customer information.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
View original scraped data
Art. 32(1)(b) GDPR
(2)
(4) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Rompetrol Downstream SRL actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 110,000 on Rompetrol Downstream SRL. The controller had suffered a data breach in which customer data was repeatedly accessed and used internally without authorization. This resulted in the unauthorized disclosure of personal data such as identity card number, name, address, place of birth, etc. The DPA found that the controller had not taken measures to ensure that any person who has access to personal data only processes it at the controller's instruction, nor had it taken appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the processing.

Related Enforcement Actions (0)

No other enforcement actions found for Rompetrol Downstream SRL in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

13 November 2023

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€110,000

Enforcement Tracker ID

ETid-2112

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Rompetrol Downstream SRL - Romania (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: