Romanian Crypto Firm Ascendex Technology Fined for GDPR Data Deletion Violations

Ascendex Technology SRL, a cryptocurrency platform based in Bucharest, has been sanctioned by Romania’s Data Protection Authority for breaching General Data Protection Regulation requirements. The company was ordered to pay 11,000 EUR following its failure to delete personal data belonging to a French user within legally mandated timeframes.

The enforcement action stems from a complaint filed by a French citizen who requested the removal of their personal information from the platform’s systems. According to findings from Romania’s data protection regulator, the company did not comply with the deletion request according to GDPR standards, which require organizations to process such requests without undue delay and typically within one month.

Investigation Reveals Systemic Delays

During its investigation, the Romanian Data Protection Authority uncovered a broader pattern of non-compliance. The regulatory body discovered that Ascendex Technology had taken as long as 37 months to process similar data deletion requests from other users. This extended timeline represents a significant departure from GDPR obligations, which mandate that companies respect individuals’ right to be forgotten promptly and without unjustified delays.

The fine represents a measured enforcement action relative to the company’s size and the nature of the violation. While GDPR penalties can reach up to 4% of annual global turnover or 20 million EUR, regulators often tailor sanctions to the specific circumstances of each case. Romania’s Data Protection Authority’s decision to impose a 11,000 EUR penalty reflects the severity of the delays and the company’s failure to establish adequate procedures for handling data subject requests.

Growing Scrutiny of Crypto Platforms

The case underscores increasing regulatory attention toward cryptocurrency and fintech companies operating across European borders. As digital asset platforms expand their user bases internationally, they face mounting obligations to comply with privacy frameworks that differ from those in their home jurisdictions. For platforms like Ascendex Technology, which launched in 2018 and operates at growth stage, maintaining robust data governance systems has become critical to managing regulatory risk.

The incident highlights a common challenge within the European startup ecosystem. Many growth-stage fintech and crypto companies have struggled to build compliance infrastructure that matches the sophistication of their technical operations. The complexity multiplies when platforms serve users across multiple EU member states, each with its own interpretation and enforcement of GDPR requirements.

Ascendex Technology’s violation reflects a broader trend of data protection enforcement actions against digital services providers. Regulators across the EU have increasingly prioritized investigating complaints about delayed or refused data deletion requests, recognizing them as indicators of insufficient data governance frameworks. For other crypto platforms and fintech startups operating in Europe, the case serves as a reminder that GDPR compliance requires dedicated resources and systematic processes, not merely reactive responses to regulatory inquiries.

Leave a Comment