Romania

Actamedica SRL

3,000 €

GDPR enforcement action by Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) on 2021-08-24.

Rank · Sector

#206

of 270 in Health Care

Rank · Romania

#117

of 283

Rank · All fines

#2,044

of 3,050

Case details

Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Date: 2021-08-24
Controller / Processor: Actamedica SRL
Sector: Health Care
Quoted Articles: Art. 28 (1) GDPR, Art. 32 GDPR, Art. 33 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Romanian DPA (ANSPDCP) has fined Actamedica SRL EUR 3,000. The controller had informed a private individual about the loss of her biological samples and a sum of money sent via a courier service. When asked what personal data had been disclosed on this occasion and whether the ANSPDCP had been informed of this incident, the controller only provided the contact details of his lawyer and an e-mail address of the courier service to which the private individual could address her complaint. The ANSPDCP found a breach of the controller's obligation to implement technical and organizational measures to ensure a level of protection appropriate to the risk to data subjects, as well as a breach of the controller's obligation to notify the ANSPDCP of the data breach.

Open original source Links to the regulator's original publication or another source.