Banca Comercială Română S.A. – €5,000 Fine (Romania, 2020)

€5,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal14 April 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Romania's Banca Comercială Română was fined for not securing customer data properly. An employee used their personal phone and WhatsApp to handle sensitive documents, which violated security protocols. This case emphasizes the need for strict data security measures in financial institutions.

What happened

The bank failed to implement adequate security measures, allowing an employee to use personal devices for handling customer data.

Who was affected

Bank customers whose identity documents were mishandled by an employee using personal devices.

What the authority found

The Romanian data protection authority found the bank violated GDPR by not ensuring proper security measures for processing personal data.

Why this matters

This ruling stresses the importance of enforcing strict data security policies, especially in banks, to protect customer information. Companies should ensure employees follow secure data handling procedures to prevent breaches.

GDPR Articles Cited

Art. 32(1) GDPR
Art. 32(2) GDPR
Art. 32(4) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Banca Comercială Română S.A. actions
Full Legal Summary
Detailed

Following a complaint, the ANSPDCP initiated investigation against the Romanian Bank Banca Comercială Română. The ANSPDCP found that the Bank "has not implemented adequate technical and organizational measures to ensure a level of security appropriate to the risk of processing. At the same time, the controller has not taken measures to ensure that any natural person acting under his authority who has access to personal data only processes them at his request, unless this obligation is incumbent on him under the law. Union or national law. Thus, it was found that there was a collection of copies of identity documents of individual customers (minors and legal representatives) through the personal phone of an employee of the operator, as well as transmissions of copies of these documents to the operator, through the Whatsapp application, in violation of the internal working procedure."

Related Enforcement Actions (1)

Other enforcement actions involving Banca Comercială Română S.A. in RO

Current
Apr 2020

Fine

€5K

Fine
May 2021· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) has fined Banca Comercială Română S.A. EUR 2,000. A data subject had initiated a complaint with the DPA because the control...

€2K

Details

Fine Date

14 April 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€5,000

GDPRhub ID

gdprhub-2337

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Banca Comercială Română S.A. - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: