Enforcement
EN Compania Națională Poșta Română S.A.: Insufficient legal basis for data processing
€5,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has imposed a fine of EUR 5,000 on the Romanian Post (Compania Națională Poșta Română S.A.). During its investigation, the DPA found that the controller had processed personal data of employees without a valid legal basis.
GDPR Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 6 (1) GDPR
Industry: Transportation and Energy