Cooperation Helps To Avoid Fines

  • Author: Arno Schlösser, DP-Dock GmbH
  • Last updated: March 2026
  • Category: Data Security, Enforcement

In a case of non-cooperation, the Romanian data protection authority ANSPDCP imposed a fine of 2,000 euros on a dental clinic. The case began when the clinic itself reported a data breach to the authority. A former employee had copied the contact information and medical records of all patients. She then contacted these patients to approach them for a new clinic. The authority subsequently launched an investigation and repeatedly requested information from the clinic. However, the company did not respond to these requests, or did so only partially. As a first step, the authority issued an official warning and a formal order requiring the clinic to grant the authority the requested access to the data and information. Since the dental clinic still failed to comply with this order within the set deadline, the fine was imposed as a second step.

Authority: ANSPDCP (Romania)
Industry: Healthcare
Violation: Art. 58(1)(a), (e) GDPR, Art. 83(5)(e) GDPR
Fine: 10,190 lei (2,000 euros)

The fine was imposed solely due to a lack of cooperation. The key point here is the escalation: The penalty was only imposed after the company had ignored not only the initial requests but also a subsequent formal order and warning. Companies must implement clear incident response processes, including dedicated contact persons and training, to avoid fines and maintain trust.

Should you have any questions on cookies or require further information, please do not hesitate to contact us any time.

Female customer filling information in the check-in form at the counter with receptionist. Young woman client signing document in office by the desk
© Space_Cat / stock.adobe.com | #388799142

Back to the news overview

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Provider
Expire in days 72
Privacy policy
Use Use without cookies
Allowed
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Allowed
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Privacy Policy | Privacy Policy