Another sanction for violation of GDPR in Romania: The National Supervisory Authority for Personal Data Processing issues a new fine for FAN COURIER EXPRESS SRL, an important player in the courier services in Romania
On 25 November 2019, the National Supervisory Authority for Personal Data Processing (“ANSPDCP”) announced another fine applied in Romania as a result of the enforcement of the EU General Data Protection Regulation (“GDPR”) to FAN COURIER EXPRESS SRL for a personal data breach.
On 28 October 2019, ANSPDCP completed the investigation at FAN COURIER EXPRESS SRL by applying a fine of EUR 11,000 for failing to implement adequate technical and organizational measures that led to the loss of certain personal data and to the unauthorized disclosure/access to the personal data belonging to 1100 people that were affected by the security incident.
Although the controller had the obligation to take the adequate security measures of protecting the personal data according to the provisions of art. 5 paragraph (1) letter f) of the GDPR, after performing the investigation, ANSPDCP concluded that such measures were not implemented.