Vreau Credit S.R.L fined for not reporting a Data Breach
On October 1st the Romanian National Supervisory Authority fined Creau Credit S.R.L ( 20.000 EUR) due to not reporting a data breach.
The Supervisory Authority initiated an investigation due to a personal data breach notification. Vreau Credit S.R.L sent data from identity documents of 1177 individuals via WhatsApp to two Raiffeisen employees. They performed queries to the Credit Bureau System to obtain credit eligibility scores for these individuals. Raiffeisen employees returned the negative credit scores to the employees of Vreau Credit S.R.L. violating internal procedures.
Vreau Credit S.R.L. was fined because they did not notify the supervisory authority of the personal data breach.
More information on the Raiffeisen Bank SE fine
read more at the European Data Protection Board.
Entscheidungsdatum:
01.10.2019
Land:
Romania
Art des Verstoßes:
violated duty to inform
Betroffene Datensätze:
1177
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 20,000,-
Violation of GDPR Paragraph:
32. Security of processing
33. Notification of a personal data breach to the supervisory authority
Quelle: