The National Supervisory Authority has finalized an investigation with the controller BNP Paribas Personal Finance SA Paris Sucursala București (CETELEM IFN S.A.) and found that it infringed the provisions of Article 12 paragraph (3) of the General Data Protection Regulation.
The controller BNP Paribas Personal Finance SA was sanctioned with a fine in the amount of 9508 lei, the equivalent of 2000 Euros.
The investigation was initiated as a result of some complaints alleging that the controller did not respond to the applicant within the time limit provided by Article 12 paragraph (3) of the General Data Protection Regulation, although it had requested the deletion of certain personal data reported in the records system of Biroul de Credit.
Pursuant to Article 12 paragraph (3) of the General Data Protection Regulation, the controller has the obligation to respond to the requests of the data subjects without unjustified delays and at the latest within one month from the receipt of the request.
Also, a corrective measure was applied to the controller of BNP Paribas Personal Finance SA, which consisted in the adoption of measures, at the company level, regarding the settlement of the requests of the data subjects, so that, in all cases, the provisions of Article 12 of Regulation (EU) 2016/679 are observed.
To read the press release in Romanian, click here
For further information, please contact the Romanian Supervisory Authority: email@example.com