Glove Technology SRL – €4,949 Fine (Romania, 2021)

The ANSPDCP started an investigation against the controller Glove Technology SRL, after a data subject filed a complaint. The investigation revealed that the controller used CCTV cameras inside its offices to surveil its employees and record their conversations with the intention to use the recorded files against them. The ANSPDCP found that the surveillance took place without a legal base as required by Article 6(1) GDPR. Moreover, the controller did not respect the lawfulness, fairness and transparency principle laid down in Article 5(1)(a) GDPR. As result, the controller was fined approximately €5,000 (RON 24,745). Furthermore, using their powers laid down in Article 58(2)(d) GDPR , the DPA required the controller to ensure that further CCTV surveillance will be in conformity with the GDPR, stop any data processing that was made through non-compliant CCTV systems, and delete any subsequent data that might have been collected unlawfully through the CCTV systems.