Hora Credit IFN SA - 14.000 Euro Fine

Hora Credit IFN SA – 14.000 Euro Fine

The Romanian data protection authority has accused Hora Credit IFN SA of sending personal data to the wrong recipient. The company had violated the principles of the GDPR (according to Paragraph 5 of GDPR), which regulate the processing of personal data. Beside the company had not implemented suitable technical and organizational measures (TOM) to prevent unauthorized disclosure of data. The data protection violation was also not reported within 72 hours, as written down in Paragraph 33. The company also breached Paragraph 6 and Paragraph 9 of the GDPR.

The authority imposed three fines of approximately 3,000 euros, 10,000 euros and 1,000 euros, for a total of approximately 14,000 euros.

Decision data:
10.12.2019

Country:
Romania

Type of Issue:
violated rights of the data subject

Number of involved data records:
unknown

Special category of data involved:
No

Fine:
€ 14,000,-

Violation of GDPR Paragraph:

33. Notification of a personal data breach to the supervisory authority
5. Principles relating to personal data processing
6. Lawfulness of processing
9. Processing of special categories of personal data

Reference:
Romanian Data Protection Authority (englisch)