18.01.2023
Sanction for the GDPR infringement
The National Supervisory Authority finalized in December 2022 an investigation at the controller Dante International SA and found the breach of the provisions of Article 17 of Regulation (EU) 2016/679.
Therefore, the controller was sanctioned with fine in amount of Lei 4,918.6 (the equivalent of EUR 1,000).
The investigation as started following an intimation submitted by a data subject through which it was claimed that the controller Dante international SA, the owner of emag.ro, breached the right erasure of personal data.
Within the investigation performed, it was found that the controller provided to the telephone number of the data subject an SMS through which he/she was informed in relation to the commercial offers of the company, although he/she previously requested the erasure of the account and of the irrelevant data.
The National Supervisory Authority found that the controller Dante International SA did not adopt all the necessary measures in order to handle the request of the data subject to erase his/her personal data, therefore it continued to process his/her data by sending unsolicited commercial messages.
At the same time, during the investigation also the corrective measure to take technical and organizational measures in order to ensure that it effectively handles the requests through which the rights of the data subjects provided under Regulation (EU0 2016/679, including in relation to the right to erasure, are exercised, was taken against the controller.
Legal and Communication Department