S.C. Marsorom S.R.L. – €3,000 Fine (Romania, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
S.C. Marsorom S.R.L. allowed some customers' personal data to be visible on their website, which is a serious privacy issue. This is important because it shows that businesses need to take strong security measures to protect customer information. The fine of €3,000 serves as a warning to other companies to improve their data protection practices.
What happened
S.C. Marsorom S.R.L. failed to secure customer personal data, making it accessible without authorization.
Who was affected
Customers of S.C. Marsorom S.R.L. whose personal data was exposed on the website.
What the authority found
The authority ruled that S.C. Marsorom S.R.L. did not take adequate measures to protect personal data, violating GDPR's storage limitation principle.
Why this matters
This ruling highlights the need for businesses to implement effective security measures to protect personal data. Companies should regularly review their data handling practices to avoid similar issues.
GDPR Articles Cited
The DPA conducted the investigation after being notified that on the website in question, some personal data of the website's customers were visible. If customers placed an order on the website, some of their personal data could be accessed without authorisation. Did the website operator, in its role as data controller, take sufficient technical and organisational measures to protect the personal data of its customers? Furthermore, did the controller act in breach of the storage limitation principle? The ANSPDCP held that the controller failed to take appropriate measures and breached the storage limitation principle enshrined in Article 5(1)(e) GDPR, and also failed to fulfill its obligation under Articles 25 and 32 GDPR. Consequently, the DPA issued a €3000 fine and recommended the website operator to establish a shorter storage period for the personal data associated with the accounts of its customers.
Related Enforcement Actions (0)
No other enforcement actions found for S.C. Marsorom S.R.L. in RO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
21 September 2020
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Fine Amount
€3,000
Enforcement Tracker ID
ETid-420
GDPRhub ID
gdprhub-2806About this data
Cite as: Cookie Fines. S.C. Marsorom S.R.L. - Romania (2020). Retrieved from cookiefines.eu
Last updated: