Enforcement
EN Apă Canal Ilfov SA: Insufficient technical and organisational measures to ensure information security
€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has imposed a fine of EUR 3,000 on Apă Canal Ilfov SA. The controller sent an e-mail with personal data to several recipients in an open distribution list. This made it possible for the recipients to view the e-mail addresses of all other recipients.
GDPR Articles: Art. 32 (1) b) GDPR, Art. 32 (2) GDPR, Art. 32 (4) GDPR
Industry: Industry and Commerce