Romania

Natural Person

10,000 €

GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2026-01-30.

Rank · Sector

#49

of 351 in Individuals and Private Associations

Rank · Romania

#49

of 283

Rank · All fines

#1,439

of 3,042

Case details

Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Date: 2026-01-30
Controller / Processor: Natural Person
Sector: Individuals and Private Associations
Quoted Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 10 GDPR, Art. 12 (3), (4) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 17 (1) GDPR, Art. 58 (1) GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The Romanian DPA has imposed a fine of EUR 10,000 on a natural person. The controller operated a website on which identity cards containing personal data, including special category data, possible criminal convictions, data on the intimate lives of data subjects and possible debts, were published. The processing of this data was not based on a sufficient legal basis, and the controller did not ensure that the data was correct, complete or transparent. Furthermore, the controller did not adequately respond to requests by data subjects to delete their data. Furthermore, the DPA found that the controller did not provide the necessary information on its website, nor did it respond to requests from the DPA.

Open original source Links to the regulator's original publication or another source.