On 25/Mar/2020, Dante International SA received a privacy fine of EUR 3,000. The enforcement authority (Romanian National Supervisory Authority for Personal Data Processing) has cited these legal provisions in imposing the fine on Dante International SA: Article 21 GDPR/ Article 6 GDPR/ GDPR/
Essentials
Date of enforcement action: |
---|
25/Mar/2020 |
Jurisdiction: | Fine imposed: |
---|---|
Romania ![]() |
EUR 3,000 (US$3,200) |
Defendant company or entity: | Industry segment: |
---|---|
Dante International SA | Retail / |
Case summary
On 27.02.2020, the Romanian National Supervisory Authority completed an investigation at the operator Dante International S.A., the owner of e-MAG.ro and found that it had violated the provisions of art. 6 of the GDPR, by reference to the provisions of art. 21 para. (3) of the Regulation.
The operator Dante International SA was sanctioned with a fine in the amount of 14,420.4 lei, the equivalent of the amount of 3,000 EURO.
The sanction was applied to the operator because, at the end of 2019, it sent a commercial email message to an individual, although at the beginning of 2019 the data subject had confirmed to Dante International SA that he wished to unsubscribe from commercial communications.
At the same time, two corrective measures were applied to the operator Dante International SA, based on the provisions of art. 58 para. (2) lit. c) and d) of the General Data Protection Regulation.
Thus, the operator was obliged to implement the request of the natural person to have deactivated from the database the setting regarding the transmission on his e-mail address of the commercial messages, within 3 working days from the communication of the unsubscribe request. At the same time, the operator was obliged to take measures so as to comply with the provisions of art. 21 of the Regulation, within 20 days from the date of request.
In this context we mention that art. 21 para. (3) of the General Data Protection Regulation, provides that “if the data subject objects to the processing for direct marketing purposes, personal data shall no longer be processed for that purpose.”
(Romanian DPA)
Commentary
This is a relatively minor case but does demonstrate that fines can be applied for failing to remove a data subject’s email address from a commercial marketing list, once he or she has unsubscribed and therefore exercised the right to object under Article 21 of the GDPR.
Enforcement information
Enforcement authority: | Type of enforcement action: |
---|---|
Romanian National Supervisory Authority for Personal Data Processing ![]() |
Penalty notice |
Subject to appeal? |
---|
Not known |
File or case number
N/A
Cite this fine in your work
Data Privacy Fines Index. (2020-03-25 11:45) Dante International SA fined EUR 3k. dataprivacyfines.com. Retrieved from https://privacyfines.com/fine/dante-international-sa-fined-eur-3k/
Entry last updated: 2020-05-01 11:56 GMT.