Telekom si Vodafone have been sanctioned by the Romanian authorities since this summer and until now because of the way in which they implemented the legislative changes of the GDPR in their own IT systems. We are talking about a series of new rules for the protection of people's personal data, and those from Telekom and Vodafone do not seem to have respected everything exactly as they should, so they were sanctioned by the authorities with warnings.
Vodafone was the company initially sanctioned by the National Supervisory Authority for the Processing of Personal Data, here's why: "Warning - for committing the contravention provided for in art. 13, para. 1 lit. a) from Law no. 506/2004, as the operator did not take sufficient appropriate technical and organizational measures to guarantee that personal data can only be accessed by authorized persons, for the purposes authorized by law, which led to the fact that the personal data contained in the detailed invoices of Vodafone Romania SA subscribers, natural persons, were viewed by employees with access rights in a specific application owned by the operator, for unauthorized purposes, individually and for personal purposes, exceeding the duties of the job description."
Telekom and Vodafone SANCTIONED by the Romanian Authorities
Telekom Romania Communications was also sanctioned by the ANSPDCP, also with a warning, but on September 26, for the following reason: "Warning - for committing the contravention provided by art. 13 para. (1) lit. a) from Law no. 506/2004, because the operator did not take adequate technical and organizational measures to ensure the security of personal data processing, which led to the erroneous transmission of some e-mails containing the links related to the invoices of some customers, to other customers than the bill holders, as well as the illegal access and disclosure of personal data of Telekom Romania customers."
Telekom and Vodafone escaped without fines from the ANSPDCP, and this is because the violations of the legislation were not so serious as to impose pecuniary sanctions. Those from Unicredit Bank did not escape as easily, in their case ANSPDCP imposed a fine of 130.000 euros, so Telekom and Vodafone escaped extremely easily following the checks made by the authorities.
Telekom and Vodafone were not the only operators targeted, those from Orange also being investigated by the authorities, while Digi has not yet had problems of this kind.
