Data Protection Academy » Data Protection News » Romanian supervisory authority imposed fine on Elefant Online SA
Romanian supervisory authority imposed fine on Elefant Online SA
Date: 31.10.2019
Responsible body: Elefant online SA
Type of data breach: e-mail communication not conforming to DSGVO
The Romanian supervisory authority imposed the fine based on a petition in which Elefant Online S.A. had sent the applicant unsolicited commercial messages to his email address without his consent. Although the data subject had unsubscribed both on the website and via the unsubscribe links in the newsletters, he continued to receive unsolicited commercial messages on his email address from Elefant Online S.A.. The communication with data subjects for marketing purposes is, according to the GDPR only permissible if they have consented to this. If data subjects subsequently opt out of receiving marketing communications, the data controller must ensure that data subjects are no longer notified.
Fines: 10,000 Leu
Country: Romania
Source: European Data Protection Board
- Internal control system - 10 September 2024
- TISAX requirements: Prepare certification step by step - 8 January 2024
- Audit management: Implementing audits more efficiently - 26 October 2023