Casa Rusu S.R.L. – €2,000 Fine (Romania, 2022)

€2,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal9 December 2022Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Casa Rusu S.R.L. was fined EUR 2,000 for not protecting customer bank data during online payments. The company used an unauthorized form that exposed sensitive information like card numbers and CVC codes. This case highlights the importance of securing payment processes to protect customer data.

What happened

Casa Rusu S.R.L. collected customer bank data through an unauthorized form, leading to a data breach.

Who was affected

Customers who made payments on Casa Rusu S.R.L.'s website had their bank card details exposed.

What the authority found

The Romanian DPA found that Casa Rusu S.R.L. did not implement proper security measures to protect personal data, violating GDPR requirements.

Why this matters

This case emphasizes the need for businesses to use secure methods when handling payment data online. Companies should ensure their systems are compliant with GDPR to avoid breaches and penalties.

GDPR Articles Cited

Art. 25(1) GDPR
Art. 32(1)(b) GDPR
Art. 32(2) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Casa Rusu S.R.L. actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 2,000 on Casa Rusu S.R.L. . The controller had reported a data breach to the DPA pursuant to Art. 33 GDPR. The controller had used an unauthorized form during the payment process on its website, through which the bank data of the customer cards were collected. This allowed unauthorized access to personal data such as the first and last name of the affected bank cardholder, card number, expiration date and year, CVC code. During its investigation, the DPA found that the controller failed to take appropriate technical and organizational measures to protect personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Casa Rusu S.R.L. in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

9 December 2022

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€2,000

Enforcement Tracker ID

ETid-1520

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Casa Rusu S.R.L. - Romania (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: