Romania’s National Supervisory Authority for the Processing of Personal Data (ANSPDCP) investigated Libra Internet Bank following a complaint of obstructed access to data. The investigation revealed that Libra Internet Bank was unable to provide evidence of compliance with GDPR requirements, indicating gaps in data management practices. In addition, the bank’s response to the complainant lacked information about the possibility of filing a complaint with the supervisory authority and the possibility of a judicial appeal against the bank’s refusal to provide the requested data.
As a result, the ANSPDCP imposed a fine of €11,000 on Libra Internet Bank. In addition, the bank was obliged to respond fully to requests for access to data and to adopt technical and organisational measures to facilitate the exercise of the right of access.