“Huge fine” at Renault Romania: Personal data of customers, published online. What happened

Renault Romania was fined 125,000 euros after a cyber attack on a company application managed by an authorized person acting on its behalf led to the personal data of a large number of people being accessed and disclosed without authorization through publication on a platform, the National Authority for the Protection of Personal Data (ANSPDCP) announced on Wednesday.
The investigation was started after Renault Commercial Roumanie SRL (Renault Romania) notified the authority of the personal data security breach, in accordance with the provisions of art. 33 of Regulation (EU) 2016/679.
What data has been posted online
As part of the investigation, which was completed this month, it was found that, following a cyber attack on an application of the operator managed by an authorized person, several categories of personal data belonging to a very large number of data subjects were accessed and disclosed without authorization through publication on a platform.
“Thus, personal data such as: name, surname, personal phone number, professional phone number, home address, driver's license number, e-mail address, postal address, personal numerical code, chassis series, date of birth, ID card series and number, position, employer, personal identification number for employees were accessed and disclosed,” says the authority.
What sanctions did Renault receive?
The authority found that Renault Romania “has not implemented adequate technical and organizational measures in order to ensure a level of security corresponding to the risk presented by processing, including among others the ability to ensure the confidentiality of processing systems and services, as well as the introduction of a process for testing, evaluating and periodically assessing the effectiveness of technical and organizational measures to guarantee the security of processing”.
“Also, it was found that the operator did not make sure that it uses only authorized persons who offer sufficient guarantees for the implementation of appropriate technical and organizational measures, in relation to the provisions of Article 28 paragraph (1) of the GDPR,” states the authority.
As such, the operator was fined 637,262.50 lei, the equivalent of 125,000 euros, for violating the provisions of art. 32 para. (1) lit. b), d) and para. (2) in conjunction with art. 28 para. (1) of Regulation (EU) 2016/679.
Warning from a GDPR expert
Tudor Galoș, an expert in the EU Regulation on the protection of personal data (GDPR), issued a warning on Wednesday about the “huge fine” of 125,000 euros applied to Renault Romania.
“The interesting part: the authorized person suffered the data breach, but Renault, as the operator, collects the fine, according to the principle of Accountability. In fact, the authority clearly says: ‘the operator did not ensure that it uses only authorized persons who offer sufficient guarantees for the implementation of appropriate technical and organizational measures’. Come on, get cheap and good suppliers and see what you're going through,” wrote Tudor Galoș on Facebook.
“ANSPDCP has not issued a fine of over 100,000 euros for a long time”
In a statement for HotNews, Tudor Galoș explains where exactly Renault Romania went wrong.
“One of the most important principles in the GDPR is the principle of responsibility. In English it is called accountability, a relatively untranslatable term, which means responsibility with consequences. Basically, an operator is directly responsible for the way in which its employees, but also its suppliers acting on its behalf (persons authorized by the operator, according to the law) process personal data.
Which means that if an employee or a supplier acting as an authorized person violates the GDPR by processing personal data on behalf of the operator, the operator will bear the consequences: fines and corrective measures. This forces operators to choose those providers that offer sufficient guarantees in terms of personal data processing – that is, not the cheapest, but the most secure. Because any violation of the GDPR by providers acting as authorized representatives falls on the operator,” Tudor Galoș told HotNews.
What does it say about the fine applied to Renault?
“This fine is huge because the ANSPDCP has not issued a fine of over 100,000 euros for a long time,” said the GDPR expert.




