Sanction for the infringement of GDPR
The National Supervisory Authority finalised in February 2022 an investigation at the controller Kaufland Romania SCS and found the breach of the provisions of Article 15 paragraph (3) of the General Data Protection Regulation regarding the right to access.
Therefore, the controller was sanctioned with a fine in amount of Lei 9,889.4 (the equivalent of EUR 2,000).
The investigation was started following a complaint, and during the investigation performed it was found that the controller Kaufland did not provide a full copy of all the recordings from the video-surveillance system, which represents a breach of Article 15 paragraph (3) of the General Data Protection Regulation.
Thus, it was found that the controller did not provide, at the request of the data subject, a full copy of the registrations regarding him/her, from the premises of the store, although they were available when requested.
Also, the corrective measure to provide to the data subject all the images requested by him/her, with the blurring of the images resulting in the identification of another persons, according to Article 15 of the General Data Protection Regulation, was applied.
Legal and Communication Department