Details:
| Summary | The Romanian DPA has imposed a fine of EUR 3,000 on Kaufland Romania SCS. The controller had reported a data breach to the DPA according to Art. 33 GDPR. An employee had taken pictures of the CCTV recordings with their cell phone and transmitted them to a third party. The third party then published the images on which two people and a license plate could be identified on the website of a local newspaper. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data. |
| Link: | link |
| Related articles: | Art. 29 GDPR, Art. 32 (1) b) GDPR, Art. 32 (2), (4) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 3,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/