BRISTOL LOGISTICS SA
Insufficient technical and organisational measures to ensure information security
決定日期
2023年1月12日
權限
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
RO
部門
Transportation and Energy
國家
RO
法律
GDPR狀態
FINAL說明
The Romanian DPA has imposed a fine of EUR 10,000 on BRISTOL LOGISTICS SA. The DPA received a notification from BRISTOL LOGISTICS SA of a personal data breach under Art. 33 GDPR. The notification stated that a binder containing the personnel files of 12 employees had been stolen, which led to unauthorized persons having access to personal data. The DPA considered this to be a violation of Art. 32 GDPR, as the municipality had failed to implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.