Dante International SA fined EUR 3k

On 25/Mar/2020, Dante International SA received a privacy fine of EUR 3,000. The enforcement authority (Romanian National Supervisory Authority for Personal Data Processing) has cited these legal provisions in imposing the fine on Dante International SA: Article 21 GDPR/ Article 6 GDPR/ GDPR/

Essentials

Date of enforcement action:
25/Mar/2020
Jurisdiction: Fine imposed:
Romania Flag for Romania, which is the jurisdiction taking enforcement action EUR 3,000 (US$3,200)
Defendant company or entity: Industry segment:
Dante International SA Retail /

Case summary

On 27.02.2020, the Romanian National Supervisory Authority completed an investigation at the operator Dante International S.A., the owner of e-MAG.ro and found that it had violated the provisions of art. 6 of the GDPR, by reference to the provisions of art. 21 para. (3) of the Regulation.

The operator Dante International SA was sanctioned with a fine in the amount of 14,420.4 lei, the equivalent of the amount of 3,000 EURO.

The sanction was applied to the operator because, at the end of 2019, it sent a commercial email message to an individual, although at the beginning of 2019 the data subject had confirmed to Dante International SA that he wished to unsubscribe from commercial communications.

At the same time, two corrective measures were applied to the operator Dante International SA, based on the provisions of art. 58 para. (2) lit. c) and d) of the General Data Protection Regulation.

Thus, the operator was obliged to implement the request of the natural person to have deactivated from the database the setting regarding the transmission on his e-mail address of the commercial messages, within 3 working days from the communication of the unsubscribe request. At the same time, the operator was obliged to take measures so as to comply with the provisions of art. 21 of the Regulation, within 20 days from the date of request.

In this context we mention that art. 21 para. (3) of the General Data Protection Regulation, provides that “if the data subject objects to the processing for direct marketing purposes, personal data shall no longer be processed for that purpose.”

(Romanian DPA)

Commentary

This is a relatively minor case but does demonstrate that fines can be applied for failing to remove a data subject’s email address from a commercial marketing list, once he or she has unsubscribed and therefore exercised the right to object under Article 21 of the GDPR.

Applicable legal provisions

Enforcement information

Enforcement authority: Type of enforcement action:
Romanian National Supervisory Authority for Personal Data Processing Flag for Romania, which is the jurisdiction taking enforcement action Penalty notice
Subject to appeal?
Not known

File or case number

N/A

Cite this fine in your work

Data Privacy Fines Index. (2020-03-25 11:45) Dante International SA fined EUR 3k. dataprivacyfines.com. Retrieved from https://privacyfines.com/fine/dante-international-sa-fined-eur-3k/

Entry last updated: 2020-05-01 11:56 GMT.