Café owner: Non-compliance with general data processing principles

The DPA from Luxembourg has imposed a fine of EUR 1,000 on a café owner. The owner had installed two video surveillance cameras in the café for the purpose of protecting company assets and the safety of customers and employees. Those cameras, however, constantly captured parts of the employee's work areas. The DPA found this to be a violation of the principle of data minimization. It also found that the owner had not sufficiently complied with its information obligations under Art. 13 GDPR.

GDPR Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR
Industry: Accomodation and Hospitality