Romania: ANSPDCP fines Kaufland €2,000 for failing to honour data subject access request
The National Supervisory Authority for Personal Data Processing ('ANSPDCP') published, on 25 March 2022, its decision, in which it imposed a fine of €2,000 to Kaufland Romania S.C.S., for violations of Article 15(3) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following its investigation in February 2022.
Background to the decision
In particular, the ANSPDCP stated that it had initiated an investigation, following a complaint by an unnamed individual whose access to information request had not been honoured by Kaufland.
Findings of the ANSPDCP
Thus, the ANSPDCP launched an investigation and found that Kaufland failed to provide the individual with a copy of all the recordings of the video surveillance system concerning the individual, even though the same was available to them, and thus violated Article 15 of the GDPR.
As such, the ANSPDCP imposed a fine of €2,000 for the violation and further stated that Kaufland should honour the access request and submit all the recordings to the individual, as requested, but blur out any images that may lead to the identification of other individuals.
You can read the decision, only available in Romanian, here.