Enforcement
EN Hotel operator: Non-compliance with general data processing principles
€3,000 fine - Spanish Data Protection Authority (aepd)
Content
The Spanish DPA (AEPD) has imposed a fine of EUR 3,000 on a hotel operator. The controller had installed video surveillance cameras which, among other things, also covered the public space and parts of the hotels pool area. The DPA considered this to be a violation of the principle of data minimization. In addition, the controller did not comply with its duty to properly inform about the CCTV.
GDPR Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR
Industry: Accomodation and Hospitality