Sligo County Council: Non-compliance with general data processing principles

The Irish DPA has imposed a fine of EUR 29,500 on the Sligo County Council. The controller used video surveillance but failed to ensure compliance with the GDPR. They failed to provide adequate information to data subjects, failed to implement sufficient technical and organisational measures to ensure GDPR compliance, failed to ensure adequate data security and stored the recorded data for longer than necessary.

GDPR Articles: Art. 5 (1) a), c), e), f) GDPR, Art. 13 (1), (3) GDPR, Art. 24 (1) GDPR, Art. 25 GDPR, Art. 30 GDPR, Art. 32 (1) GDPR
Industry: Public Sector and Education