Vodafone Romania S.A. – €15,000 Fine (Romania, 2025)

€15,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal20 January 2025Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone Romania S.A. was fined €15,000 for not protecting customer data properly. They repeatedly shared personal information like names and email addresses because of poor security practices. This case highlights the importance of having strong security measures to protect customer information.

What happened

Vodafone Romania S.A. disclosed personal data due to inadequate security measures.

Who was affected

Customers whose names, email addresses, and customer numbers were improperly shared.

What the authority found

The Romanian DPA found that Vodafone failed to implement appropriate technical and organizational measures to protect personal data.

Why this matters

This ruling emphasizes that companies must prioritize data security to avoid breaches. Small businesses should regularly review their security practices to protect customer information.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
Art. 32(4) GDPR
View original scraped data
Art. 32(1) b) GDPR
Art. 32(4) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
verified correct
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Vodafone Romania S.A. actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 15,000 on Vodafone Romania S.A. Personal data such as names, email addresses and customer numbers were repeatedly disclosed due to inadequate security measures, e.g. the unauthorized sending of invoice details or incorrect use of the “BCC” function. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data.

Related Enforcement Actions (2)

Other enforcement actions involving Vodafone Romania S.A. in RO

Fine
Oct 2024· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA fined Vodafone Romania S.A. EUR 5,000 for sending emails to different recipients without including them in the blind carbon copy (BCC...

€5K
Current
Jan 2025

Fine

€15K

Fine
Jun 2025· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA has imposed a fine of EUR 4,000 on Vodafone Romania S.A. The controller failed to implement sufficient technical and organisational m...

€4K

Details

Fine Date

20 January 2025

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€15,000

Enforcement Tracker ID

ETid-2503

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone Romania S.A. - Romania (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: