Tecnomed Trento s.r.l.: Non-compliance with general data processing principles

The Italian DPA has fined Tecnomed Trento s.r.l. EUR 10,000. The controller had operated several video surveillance cameras in its premises, some of them without the required authorization. Furthermore, the DPA found that information signs regarding the processing of personal data by the cameras were missing. The DPA also found that three individuals with shared credentials had authorized access to the recorded images. The DPA concluded that this circumstance was not appropriate to guarantee the confidentiality of the information processed by the video surveillance system, in particular it does not allow to check who carried out certain processing operations.

GDPR Articles: Art. 5 (1) a), c) GDPR, Art. 13 GDPR, Art. 29 GDPR, Art. 32 GDPR, Art. 114 Codice della privacy
Industry: Health Care