The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing them and kept poor encryption practices. It marks the first ever GDPR video surveillance fine ever issued by the CNIL, France’s data protection agency, it has confirmed to IPVM.
In this post, we examine the case and what it means for GDPR compliance going forward, including:
- France Video Surveillance Regulations Context
- Company Background
- CNIL Allegations
- What GDPR Articles Were Violated
- How the Fine Was Calculated
- Broader Impact/Conclusion
For background, see our GDPR For Video Surveillance Guide.
Ultimately, the case shows the importance of GDPR compliance and working closely with data authorities to address issues. However, the evidence we found shows no stepped up GDPR violation enforcement for video surveillance.