Romania

Hora Credit IFN SA

14,000 €

GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2019-12-10.

Rank · Sector

#183

of 322 in Finance, Insurance and Consulting

Rank · Romania

#33

of 283

Rank · All fines

#1,231

of 3,050

Case details

Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Date: 2019-12-10
Controller / Processor: Hora Credit IFN SA
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The sanctions were applied as a result of a complaint alleging that Hora Credit IFN SA transmitted documents containing personal data of another person to a wrong e-mail address. Following the investigation it was found that Hora Credit IFN SA processed the data without providing effective mechanisms for verifying and validating the accuracy of the data collected processed according to the principles set out in art. 5 of the GDPR. It was also found that the operator did not take sufficient security measures for personal data, according to art. 25 and 32 of the GDPR, so as to avoid unauthorized and accessible disclosure of personal data to third parties. At the same time, Hora Credit IFN SA did not notify the Supervisory Authority of the security incident that was brought to its notice, according to art. 33 of the GDPR, within 72 hours from the date it became aware of it. The fine consists of three partial fines of EUR 3000, EUR 10000 and EUR 1000.

Open original source Links to the regulator's original publication or another source.