On 13/Jun/2019, Uniontrad Company received a privacy fine of EUR 20,000. The enforcement authority (French Data Protection Authority (CNIL)) has cited these legal provisions in imposing the fine on Uniontrad Company: GDPR/
|Date of enforcement action:|
|France||EUR 20,000 (US$21,900)|
|Defendant company or entity:||Industry segment:|
|Uniontrad Company||Professional Services /|
On 13 June 2019, the French Data Protection Regulator, CNIL, imposed a EUR 20,000 monetary penalty upon the Uniontrad Company.
The defendant company is a very small company (TPE) with nine employees and specialized in translation.
Between 2013 and 2017, the CNIL received complaints from several employees of the company who were filmed at their workstation. On two occasions, it alerted the company to the rules to be observed when installing cameras in the workplace and, in particular, that employees should not be filmed continuously and that specific information on the presence cameras should be given to them.
An on-site inspection was conducted on the premises of the company in February 2018. It found that:
- cameras were present in the offices of the six translators, and that these cameras filmed them at their workstation without interruption;
- no satisfactory information had been provided to employees;
- computer workstations were not password-secure and translators accessed a shared corporate email with a unique password.
In July 2018, the President of the CNIL called on the company to comply with the Data Protection Act, asking it to:
- move the cameras to no longer film employees consistently;
- to inform employees about the presence of cameras;
- implement security measures for access to computer stations and for the traceability of access to professional email.
The implementation of an access traceability measure makes it possible to create a history of the accesses and actions performed by the people who connect to the mailbox and thus ensure the security of personal data.
In the absence of satisfactory measures at the end of the deadline set in the formal notice, the CNIL carried out a second audit in October 2018 which confirmed the persistence of the deficiencies despite the assertions to the contrary of the company. A sanction procedure was therefore initiated by the President of the CNIL, following which a EUR 20,000 monetary penalty was assessed against the company.
(CNIL, Official Release in FR)
|Enforcement authority:||Type of enforcement action:|
|French Data Protection Authority (CNIL)||Penalty notice|
|Subject to appeal?|
Cite this fine in your work
Data Privacy Fines Index. (2019-11-13 09:37) Uniontrad Company fined EUR 20,000. dataprivacyfines.com. Retrieved from https://dataprivacyfines.com/fine/uniontrad-company-fined-eur-20000/
Entry last updated: 2020-04-14 05:17 GMT.