A new sanction for the breach of GDPR
The National Supervisory Authority finalized an investigation at the controller Continental Automotive Romania SRL and found the breach of the provisions of Article 24 and Article 32 paragraph (1) letter d) of the General Data Protection Regulation.
The controller Continental Automotive Romania SRL was sanctioned with fine in amount of Lei 9,886.00 (the equivalent of EUR 2,000).
The investigation was started following the submission by the controller in 2022, based on the provisions of the General Data Protection Regulation, of a breach notification of the personal data security.
Within the investigation it was found that the controller discovered at his headquarters from Timisoara, besides the official camera system, a number of 135 un-approved surveillance cameras (not configured according to the internal policies) connected to unofficial camera systems, the majority being located in the middle of the production area.
Therefore, the National Supervisory Authority found that the controller did not establish appropriate technical and organizational measures and did not periodically evaluate the technical and organizational measures implemented in order to establish their efficiency for ensuring an adequate security of the processing of the video images of the employees and for preventing the un-authorized processing, by breaching the policies established by the controller/the working instructions.
Legal and Communication Department