S.C. Marsorom S.R.L. – €3,000 Fine (Romania, 2020)

€3,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal21 September 2020Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The DPA conducted the investigation after being notified that on the website in question, some personal data of the website's customers were visible. If customers placed an order on the website, some of their personal data could be accessed without authorisation. Did the website operator, in its role as data controller, take sufficient technical and organisational measures to protect the personal data of its customers? Furthermore, did the controller act in breach of the storage limitation principle? The ANSPDCP held that the controller failed to take appropriate measures and breached the storage limitation principle enshrined in Article 5(1)(e) GDPR, and also failed to fulfill its obligation under Articles 25 and 32 GDPR. Consequently, the DPA issued a €3000 fine and recommended the website operator to establish a shorter storage period for the personal data associated with the accounts of its customers.

GDPR Articles Cited

Art. 25(GDPR)
Art. 32(GDPR)
Art. 5(1)(e) GDPR
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll S.C. Marsorom S.R.L. actions
Full Legal Summary

The DPA conducted the investigation after being notified that on the website in question, some personal data of the website's customers were visible. If customers placed an order on the website, some of their personal data could be accessed without authorisation. Did the website operator, in its role as data controller, take sufficient technical and organisational measures to protect the personal data of its customers? Furthermore, did the controller act in breach of the storage limitation principle? The ANSPDCP held that the controller failed to take appropriate measures and breached the storage limitation principle enshrined in Article 5(1)(e) GDPR, and also failed to fulfill its obligation under Articles 25 and 32 GDPR. Consequently, the DPA issued a €3000 fine and recommended the website operator to establish a shorter storage period for the personal data associated with the accounts of its customers.

Related Enforcement Actions (0)

No other enforcement actions found for S.C. Marsorom S.R.L. in RO

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 September 2020

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€3,000

Enforcement Tracker ID

ETid-420

GDPRhub ID

gdprhub-2806

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. S.C. Marsorom S.R.L. - Romania (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: