Details:
| Summary | The DPA of Luxembourg (CNPD) has imposed a fine of EUR 10,000 on a company. The company had installed a video surveillance system for the purpose of protecting company property and staff. However, the cameras also constantly captured parts of employee’s work areas, a break room, a meeting room and a neighbor property. The DPA states that the controller violated the principle of data minimization under Art. 5 (1) c) GDPR due to the excessive CCTV. Furthermore, the DPA found a violation of the information obligations set out in Art. 13 GDPR, by not properly informing data subjects about the video surveillance. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR, Art. 13 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 10,000 |
| Sector | Not assigned |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/