RO EN
← Back to Blog Data Diggers fined: three GDPR penalties for lack of transparency and unlawful processing

Data Diggers fined: three GDPR penalties for lack of transparency and unlawful processing

Published on: 27.05.2026  ·  Views: 62

Data Diggers sanctioned by ANSPDCP: three GDPR fines and corrective measures for transparency failures and unlawful processing

Investigation background

The Romanian Data Protection Authority (ANSPDCP) concluded a major investigation triggered by notifications from two European supervisory authorities. The operator, Data Diggers Market Research SRL, was assessed for compliance with transparency obligations and the handling of data subject rights.

The investigation identified three significant GDPR violations, each affecting the rights and freedoms of data subjects.

GDPR Violations Identified

1. Violation of the right of access – Article 15 GDPR

The operator failed to provide complete information in response to data subject access requests.

Under Article 15, individuals have the right to know:


Fine imposed: €5,000

2. Failure to provide mandatory information – Article 14 GDPR

At the first communication with data subjects, the operator did not provide essential information such as:


Fine imposed: €2,000

3. Lack of a lawful basis for processing – Article 6 GDPR

The operator was unable to demonstrate a valid legal basis for processing personal data.

This is one of the most serious GDPR violations.

Fine imposed: €5,000

Total fines: €11,000

Corrective measure imposed

ANSPDCP ordered the operator to implement regular staff training on:


This indicates systemic compliance issues.

Why this case matters

The decision is a strong reminder for companies that:


Non‑compliance leads to financial penalties and reputational damage.


Share: Facebook LinkedIn