Kredyt Inkaso Investments RO S.A

€5,000

Insufficient legal basis for data processing

Дата на решението

18 май 2022 г.

Орган

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

RO

Сектор

Finance, Insurance and Consulting

Държава

RO

Право

GDPR

Статус

FINAL

Описание

The Romanian DPA has fined Kredyt Inkaso Investments RO S.A. EUR 5,000. A data subject had filed a complaint with the DPA against the controller for having disclosed their personal data and that of their minor child to medical institutions without authorization and without the data subject having any relationship with the institutions. During its investigation, the DPA found that the controller had disclosed data such as home address, professional status, as well as data from the employment contract. In addition, the DPA found that the controller had not notified the DPA of the data breach in a timely manner required by Art. 33 GDPR.

Правни цитати

Art. 5Art. 6Art. 9Art. 33

Въпроси и нарушения

Insufficient legal basis for data processing
Вижте официалния документ
Обратно към базата данни с глоби
Предишна глоба
Spanish Data Protection Authority (aepd) - Vodafon...
Следваща глоба
Data Protection Authority of Hamburg (HmbBfDI) - C...

Бъдете информирани за прилагането на поверителността

Уважаваме поверителността ви. Един имейл на месец, без спам, отпишете се по всяко време.