Skip to main content

Romanian DPA fines the lack of cooperation with the supervisory authority

|

The Romanian Data Protection Authority ("Romanian DPA") has recently sanctioned three entities (two private companies and a homeowners association) for lack of cooperation with the supervisory authority, imposing on these entities administrative fines of EUR 2,000 (twice), respectively EUR 3,000. All three sanctions were announced during October 2020 on the website of the Romanian DPA.

All sanctioned entities failed to provide the Romanian DPA with access to the requested information, which was necessary for the performance of the investigative duties of the supervisory authority. The fines are grounded on Article 83(5), letter (e) of the GDPR.

In the case of one of the private companies, the investigation started as a result of several petitioners having informed the Romanian DPA on the fact that they have received on their personal telephone numbers, via short message service (SMS), commercial messages promoting the services of a website owned by the legal entity, without their consent.

As concerns the homeowners association, the investigation started following a complaint where the petitioner claimed that he/she received no response to the request submitted to the respective homeowners association.

The Romanian DPA has not revealed the details of the investigation carried out in respect of the third sanctioned private company.

In all these three cases, with a view to perform the assessment of the facts, the Romanian DPA has send requests for additional information and explanations to the investigated entities. The sanctioned entities failed to respond to the requests of the Romanian DPA or failed to deliver all requested information/documentation.

It goes without saying that these GDPR fines are not of the type that we were used to see being imposed by the Romanian DPA - most of them being either for insufficient implementation of security measures to protect personal data or for non-observance of some of the GDPR data processing principles.

While all these sanctions are definitely based on the failure to provide access to information and documents in violation of Article 58(1) of the GDPR, the public announcements on the authority website refer rather to breaches of (or failure to comply with) corrective measures and not orders issued based on the investigative powers of the authority.

Besides the administrative fines, the Romanian DPA ordered once more to the sanctioned entities to provide the missing information/documents, the request being again presented as being a corrective measure.

It seems that the authority targeted to raise awareness among controllers and processors that it is in their best interest to provide the requested data in investigation contexts, and that cooperation with the supervisory authority is not optional.

All these measures – as well as the fact that there were three such sanctions within one month - signal to us that the Romanian DPA is open to raise the standards when it comes to dealing with data protection topics and cooperation with the supervisory authority.

 

Article provided by: Adelina Iftime Blagean and Nina Lazar  (Wolf Theiss, Romania)

 

 

Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}