Natural Person: Non-compliance with general data processing principles

The Romanian DPA has imposed a fine of EUR 10,000 on a natural person. The controller operated a website on which identity cards containing personal data, including special category data, possible criminal convictions, data on the intimate lives of data subjects and possible debts, were published. The processing of this data was not based on a sufficient legal basis, and the controller did not ensure that the data was correct, complete or transparent. Furthermore, the controller did not adequately respond to requests by data subjects to delete their data. Furthermore, the DPA found that the controller did not provide the necessary information on its website, nor did it respond to requests from the DPA.

GDPR Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 10 GDPR, Art. 12 (3), (4) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 17 (1) GDPR, Art. 58 (1) GDPR
Industry: Individuals and Private Associations