Details:

Summary The Romanian DPA (ANSPDCP) imposed a fine in the amount of EUR 500 against a natural person holding the position of General Secretary for a political party in Bucharest. The controller had published a list on a social network, which contained personal data such as names, signatures, nationalities, dates of birth, postal addresses, of ten supporters of the party. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect the processing of personal data. In addition, the controller had not sufficiently cooperated with the DPA in its investigation.
Link: link
Related articles:  Art. 32 (1), (2) GDPR, Art. 58 (1) a), e) GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 500
Sector Public Sector and Education

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law