UiPath to challenge data breach fine imposed by Romanian authorities

24 August 2023

UiPath, a producer of automation software and the first Romanian company listed on the New York Stock Exchange, has decided to challenge in court the fine imposed on it in Romania for disclosing the personal data of 600,000 users of the Academy Platform.

The company was fined EUR 70,000 by the National Supervisory Authority for Personal Data Processing (ANSPDCP) for disclosing the personal data of 600,000 users, according to information published on the ANSPDCP website.

The investigation was initiated following the operator's submission of a personal data security breach notification under the General Data Protection Regulation (GDPR). 

According to the authorities cited by Ziarul Financiar, UiPath “did not implement adequate technical and organizational measures to ensure that personal data cannot be accessed without the intervention of individuals by an unlimited number of people, including the capacity to ensure the continuous confidentiality and resilience of processing systems and services, as well as a process for the periodic testing, assessment, and evaluation of the effectiveness of technical and organizational measures to guarantee processing security.”

In response, the company decided to challenge the fine in court.

"On December 1, 2020, UiPath became aware of an incident that led to the unauthorized disclosure of a file containing limited personal information about users of UiPath Academy, its online training portal. The file included the following details: name, email address, username, company name, country, and UiPath certification details. In the meantime, the Romanian authorities investigated the incident through the National Supervisory Authority for Personal Data Processing (ANSPDCP), an autonomous central public authority with general competence in personal data protection. After an investigation that spanned approximately 2 years and 6 months from the notification date, ANSPDCP informed UiPath on August 1, 2023, that they were applying a fine of EUR 70,000. UiPath has decided to challenge the fine and will await the final decision to be issued by the competent courts," the company told Profit.ro.

radu@romania-insider.com

(Photo source: UiPath on Facebook)

Normal

UiPath to challenge data breach fine imposed by Romanian authorities

24 August 2023

UiPath, a producer of automation software and the first Romanian company listed on the New York Stock Exchange, has decided to challenge in court the fine imposed on it in Romania for disclosing the personal data of 600,000 users of the Academy Platform.

The company was fined EUR 70,000 by the National Supervisory Authority for Personal Data Processing (ANSPDCP) for disclosing the personal data of 600,000 users, according to information published on the ANSPDCP website.

The investigation was initiated following the operator's submission of a personal data security breach notification under the General Data Protection Regulation (GDPR). 

According to the authorities cited by Ziarul Financiar, UiPath “did not implement adequate technical and organizational measures to ensure that personal data cannot be accessed without the intervention of individuals by an unlimited number of people, including the capacity to ensure the continuous confidentiality and resilience of processing systems and services, as well as a process for the periodic testing, assessment, and evaluation of the effectiveness of technical and organizational measures to guarantee processing security.”

In response, the company decided to challenge the fine in court.

"On December 1, 2020, UiPath became aware of an incident that led to the unauthorized disclosure of a file containing limited personal information about users of UiPath Academy, its online training portal. The file included the following details: name, email address, username, company name, country, and UiPath certification details. In the meantime, the Romanian authorities investigated the incident through the National Supervisory Authority for Personal Data Processing (ANSPDCP), an autonomous central public authority with general competence in personal data protection. After an investigation that spanned approximately 2 years and 6 months from the notification date, ANSPDCP informed UiPath on August 1, 2023, that they were applying a fine of EUR 70,000. UiPath has decided to challenge the fine and will await the final decision to be issued by the competent courts," the company told Profit.ro.

radu@romania-insider.com

(Photo source: UiPath on Facebook)

Normal

facebooktwitterlinkedin

1

Romania Insider Free Newsletters