AZOP (Croatia) - Decision 22-02-2021
| AZOP - Decision of 22 February 2021 | |
|---|---|
 | |
| Authority: | AZOP (Croatia) |
| Jurisdiction: | Croatia |
| Relevant Law: | Article 32(1)(b) GDPR Article 32(1)(d) GDPR Article 32(2) GDPR Article 32(4) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | 22.02.2021 |
| Published: | |
| Fine: | 0 |
| Parties: | Security company (name N/A at the moment) |
| National Case Number/Name: | Decision of 22 February 2021 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Croatian |
| Original Source: | azop.hr (in HR) |
| Initial Contributor: | Lejla Rizvanovik |
The Croatian DPA (AZOP) found that the leading security company in Croatia, acting as a data processor, enabled the data breach by not maintaining adequate and sufficient technical and organizational measures for personal data security for more than two and a half years.
English Summary
Facts
A data controller, who used the services of the security company, reported the breach of personal data to the DPA, arising after an employee of the company recorded the video surveillance footage with a smartphone and shared it with third parties. In consequence a recording was revealed ridicule in the public and the security company avoid doing anything to remove it from social networks and media. Furthermore, the processor has not prognosticated or implemented adequate technical security measures following the incident to prevent or minimize the risks.
Dispute
Holding
Insufficient technical and organisational measures were set to ensure data security, but the fact is that the basic activity of the company is the provision of physical and technical protection, which includes the use of video surveillance.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.
