Romania

Telekom Romania Mobile Communications S.A.

10,000 €

GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2021-03-30.

Rank · Sector

#299

of 369 in Media, Telecoms and Broadcasting

Rank · Romania

#38

of 283

Rank · All fines

#1,340

of 3,050

Case details

Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Date: 2021-03-30
Controller / Processor: Telekom Romania Mobile Communications S.A.
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 32 (1), (2) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Romania DPA (ANSPDCP) has fined Telekom Romania Mobile Communications S.A. EUR 10,000 for failing to implement adequate security measures to ensure the security of personal data processing. In particular, the ANSPDCP's investigation revealed that the controllers' failure to implement adequate security measures resulted in the unauthorized disclosure of the data of 99,210 data subjects, including their customer number, gender and telephone number, as well as unauthorized access to the personal data stored in the accounts of 413 customers. On this basis, the ANSPDCP ruled that the controller violated Art. 32 (1) and (2) GDPR.

Open original source Links to the regulator's original publication or another source.