VESTA CEU ROMÂNIA SRL. – €3,000 Fine (Romania, 2024)

€3,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal26 February 2024Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

VESTA CEU ROMÂNIA SRL was fined EUR 3,000 for a data breach where they shared personal information without permission. This incident highlights the importance of protecting personal data to prevent unauthorized access. Small businesses need to ensure they have strong security measures in place to avoid similar breaches.

What happened

VESTA CEU ROMÂNIA SRL disclosed personal data, including names and salaries, to employees without authorization.

Who was affected

Employees of VESTA CEU ROMÂNIA SRL who accessed the personal data illegally.

What the authority found

The Romanian data protection authority found that VESTA CEU ROMÂNIA SRL failed to implement adequate security measures to protect personal data.

Why this matters

This case serves as a warning that companies must take data protection seriously. Small businesses should review their security practices to prevent unauthorized access to personal information.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 32(1) b) GDPR
Art. 32(2) GDPR
(4) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
articles corrected
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll VESTA CEU ROMÂNIA SRL. actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 3,000 on VESTA CEU ROMÂNIA SRL. The controller had reported a data breach to the DPA pursuant to Art. 33 GDPR. The controller had disclosed personal data such as name, place of residence, salary, CV and copies of passports to employees without authorization, who then accessed the data internally and illegally passed it on to third parties. According to the DPA, the controller had failed to implement adequate technical and organizational measures to protect personal data, which allowed such an incident to occur.

Related Enforcement Actions (0)

No other enforcement actions found for VESTA CEU ROMÂNIA SRL. in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 February 2024

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€3,000

Enforcement Tracker ID

ETid-2210

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. VESTA CEU ROMÂNIA SRL. - Romania (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: