Enforcement
EN BRISTOL LOGISTICS SA: Insufficient technical and organisational measures to ensure information security
€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has imposed a fine of EUR 10,000 on BRISTOL LOGISTICS SA. The DPA received a notification from BRISTOL LOGISTICS SA of a personal data breach under Art. 33 GDPR. The notification stated that a binder containing the personnel files of 12 employees had been stolen, which led to unauthorized persons having access to personal data. The DPA considered this to be a violation of Art. 32 GDPR, as the municipality had failed to implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.
GDPR Articles: Art. 32 (1) b) GDPR, Art. 32 (2) GDPR
Industry: Transportation and Energy