Unauthorized video surveillance on company premises
A company with locations in multiple sites installed a network of surveillance cameras on their premises. Both image and sound recordings were made and stored. When asked, management explained that these cameras serve multiple purposes. They were intended to prevent vandalism and serve as evidence in disputes. Besides, the company also stated that they had a positive effect on work performance.
The data protection authority called the monitoring “excessive” and felt that this was disproportionate to the purpose of the operation. The authorities were particularly disturbed by the fact that sound and image recordings were made and stored. In addition, the data subjects were not informed about the nature and purpose of the data processing, which constitutes a violation of Section 13 of the General Data Protection Regulation.
It imposed a fine of € 5,000 on the company. Furthermore, the dismantling of the monitoring equipment was ordered, as well as the deletion of all records.
Conclusion
Video surveillance was already a sensitive topic before the introduction of the GDPR. It is clear that surveillance must serve a defined purpose and proportionality must be given. Otherwise, you will have to face not only a fine but also a complete dismantling of your cameras. If you are unsure whether your video surveillance complies with current regulations, take advantage of our easyGDPR consultation. Our certified data protection experts will be happy to advise you.
Entscheidungsdatum:
21.09.2018
Land:
Cyprus
Art des Verstoßes:
Illegal data collection
Betroffene Datensätze:
unknown
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 5,000,-
Violation of GDPR Paragraph:
13. Information to be provided where personal data are collected from the data subject
5. Principles relating to personal data processing
Quelle:
Decision of the Cyprus Data Protection Authority (Cypriot)