Actamedica SRL

€3,000

Insufficient technical and organisational measures to ensure information security

Date de décision

24 août 2021

Autorité

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

RO

Secteur

Health Care

Pays

RO

Droit

GDPR

Statut

FINAL

Description

The Romanian DPA (ANSPDCP) has fined Actamedica SRL EUR 3,000. The controller had informed a private individual about the loss of her biological samples and a sum of money sent via a courier service. When asked what personal data had been disclosed on this occasion and whether the ANSPDCP had been informed of this incident, the controller only provided the contact details of his lawyer and an e-mail address of the courier service to which the private individual could address her complaint. The ANSPDCP found a breach of the controller's obligation to implement technical and organizational measures to ensure a level of protection appropriate to the risk to data subjects, as well as a breach of the controller's obligation to notify the ANSPDCP of the data breach.

Citations légales

Art. 28 (1)Art. 32Art. 33

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Spanish Data Protection Authority (aepd) - Agency...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.