AZOP - Decision of 22 February 2021
|AZOP - Decision of 22 February 2021|
|Relevant Law:||Article 32(1)(b) GDPR|
Article 32(1)(d) GDPR
Article 32(2) GDPR
Article 32(4) GDPR
|Parties:||Security company (name N/A at the moment)|
|National Case Number/Name:||Decision of 22 February 2021|
|European Case Law Identifier:||n/a|
|Original Source:||azop.hr (in HR)|
|Initial Contributor:||Lejla Rizvanovik|
The Croatian DPA (AZOP) found that the leading security company in Croatia, acting as a data processor, enabled the data breach by not maintaining adequate and sufficient technical and organizational measures for personal data security for more than two and a half years.
English Summary[edit | edit source]
Facts[edit | edit source]
A data controller, who used the services of the security company, reported the breach of personal data to the DPA, arising after an employee of the company recorded the video surveillance footage with a smartphone and shared it with third parties. In consequence a recording was revealed ridicule in the public and the security company avoid doing anything to remove it from social networks and media. Furthermore, the processor has not prognosticated or implemented adequate technical security measures following the incident to prevent or minimize the risks.
Dispute[edit | edit source]
Holding[edit | edit source]
Insufficient technical and organisational measures were set to ensure data security, but the fact is that the basic activity of the company is the provision of physical and technical protection, which includes the use of video surveillance.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.