GDPR Fine for Cookies Installed Without Consent

A cookie is a small text file stored on a user’s device when they visit a website. Cookies retain information about user preferences and activity, which enables a personalized browsing experience. According to the General Data Protection Regulation (GDPR), cookies are considered personal data as they can indirectly identify an individual through unique identifiers associated with their device.

For instance, if a cookie collects information about a person’s online behavior (pages visited, products searched), this data can be combined with other existing information to create a detailed user profile, allowing for indirect identification of the individual.

Recently, the National Authority for Supervision of Personal Data Processing (ANSPDCP) sanctioned a company with a fine of 20,000 lei for violating the provisions regarding personal data processing and privacy protection in the electronic communications sector (Law no. 506/2004).

The investigation was initiated following a complaint from an individual who claimed that an online store had breached GDPR provisions.

During the investigation, ANSPDCP found that the company’s website installed cookies (such as those used for marketing and statistical purposes) that were not technically necessary, without first obtaining user consent.

In addition to the imposed fine, the authority mandated a corrective measure, requiring the website to reconfigure its cookie settings so that these cookies are activated exclusively after explicit user consent is given.

This case underscores the importance of adhering to legal requirements regarding clear and explicit user consent, especially when processing personal data via cookies.

Companies managing websites are thus encouraged to review and update their consent mechanisms to avoid sanctions and ensure complete transparency toward users.

For additional details and specific recommendations on GDPR compliance, please contact us.

Clearview AI fined 30.5 million euros

The Dutch Data Protection Authority (Dutch DPA) has imposed a significant fine of 30.5 million euros on Clearview AI, a U.S.-based company known for its controversial facial recognition services. In addition to the fine, Clearview also faces potential additional penalties of up to 5 million euros for non-compliance. This decision underscores the Dutch authority’s firm stance against privacy violations and the unauthorized use of data, particularly in the rapidly developing field of biometric technology.

856.000 euro GDPR fine

One of Finland’s largest online retailers, Verkkokauppa.com, was recently fined a not inconsiderable €856,000 by the national supervisory authority.

How it came about: a customer of the Finnish retailer complained to the authority that he was forced to create a user account in order to shop on the site.


40.000 euro fine for Emag for failure to comply with GDPR requirements

1. The National Supervisory Authority for Personal Data Processing (ANSPDCP) has received complaints from three individuals in Hungary against Dante International SA, through the cooperation mechanisms of Regulation (EU) 2016/679.

2. The ANSPDCP has been designated as the lead supervisory authority in this case, as Dante International SA has its main office in Romania.


5 notable examples of fines for non-compliance with Art 32 of GDPR

Article 32 of the General Data Protection Regulation (GDPR) lays down the obligation for controllers to implement technical and organizational measures with regard to the processing of personal data in such a way as to ensure a level of security appropriate to the risks associated with the processing and the nature of the personal data involved. These measures must ensure the confidentiality, integrity and availability of the data: the CIA triad, sometimes called the holy trinity of information security.


Emag receives fine for not respecting GDPR regulation

The National Supervisory Authority for Personal Data Processing has formally completed its investigation into Dante International SA and found that the company violated several provisions of Regulation (EU) 2016/679.

Thus, Emag.ro did not comply with a data subject’s request to delete his data: the company informed him by SMS about a new offer even though he had expressly requested the deletion of his account and all irrelevant data. As a result, the regulator issued a fine of €1,000 (equivalent).
