Enforcement
EN Kaufland Romania SCS: Insufficient technical and organisational measures to ensure information security
€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)
Content
The Romanian DPA has imposed a fine of EUR 3,000 on Kaufland Romania SCS. The controller had reported a data breach to the DPA according to Art. 33 GDPR. An employee had taken pictures of the CCTV recordings with their cell phone and transmitted them to a third party. The third party then published the images on which two people and a license plate could be identified on the website of a local newspaper. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data.
GDPR Articles: Art. 29 GDPR, Art. 32 (1) b) GDPR, Art. 32 (2), (4) GDPR
Industry: Industry and Commerce