Romania

Tehnoplus Industry SRL

5,000 €

GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2023-03-23.

Rank · Sector

#131

of 213 in Employment

Rank · Romania

#78

of 283

Rank · All fines

#1,785

of 3,050

Case details

Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Date: 2023-03-23
Controller / Processor: Tehnoplus Industry SRL
Sector: Employment
Quoted Articles: Art. 5 (1) a), c), e) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The Romanian DPA has imposed a fine of EUR 5,000 on Tehnoplus Industry SRL.
An employee of the company had filed a complaint with the DPA because the controller had installed a GPS system in their company vehicle for the purpose of monitoring the vehicle without providing them with sufficient information about such installation. During its investigation, the DPA also found that the controller was processing the GPS data outside working hours and for purposes other than originally intended. The DPA considered this to be a violation of the principle of data minimization. In addition, the controller was unable to prove that it did not store the data for longer than legally permitted.

Open original source Links to the regulator's original publication or another source.