Kredyt Inkaso Investments RO S.A

€5,000

Insufficient legal basis for data processing

Дата принятия решения

18 мая 2022 г.

Авторитет

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

RO

Сектор

Finance, Insurance and Consulting

Страна

RO

Закон

GDPR

Статус

FINAL

Описание

The Romanian DPA has fined Kredyt Inkaso Investments RO S.A. EUR 5,000. A data subject had filed a complaint with the DPA against the controller for having disclosed their personal data and that of their minor child to medical institutions without authorization and without the data subject having any relationship with the institutions. During its investigation, the DPA found that the controller had disclosed data such as home address, professional status, as well as data from the employment contract. In addition, the DPA found that the controller had not notified the DPA of the data breach in a timely manner required by Art. 33 GDPR.

Юридические цитаты

Art. 5Art. 6Art. 9Art. 33

Проблемы и нарушения

Insufficient legal basis for data processing
Посмотреть официальный документ
Вернуться к базе данных штрафов
Предыдущий штраф
Spanish Data Protection Authority (aepd) - Vodafon...
Следующий штраф
Data Protection Authority of Hamburg (HmbBfDI) - C...

Будьте в курсе событий, связанных с соблюдением конфиденциальности

Мы уважаем вашу конфиденциальность. Одно письмо в месяц, без спама, отказ от подписки в любое время.