Vreau Credit S.R.L fined for not reporting a Data Breach
On October 1st the Romanian National Supervisory Authority fined Creau Credit S.R.L ( 20.000 EUR) due to not reporting a data breach.
The Supervisory Authority initiated an investigation due to a personal data breach notification. Vreau Credit S.R.L sent data from identity documents of 1177 individuals via WhatsApp to two Raiffeisen employees. They performed queries to the Credit Bureau System to obtain credit eligibility scores for these individuals. Raiffeisen employees returned the negative credit scores to the employees of Vreau Credit S.R.L. violating internal procedures.
Vreau Credit S.R.L. was fined because they did not notify the supervisory authority of the personal data breach.
read more at the European Data Protection Board.
Type of Issue:
violated duty to inform
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing
33. Notification of a personal data breach to the supervisory authority