Uniontrad Company fined EUR 20,000

On 13/Jun/2019, Uniontrad Company received a privacy fine of EUR 20,000. The enforcement authority (French Data Protection Authority (CNIL)) has cited these legal provisions in imposing the fine on Uniontrad Company: GDPR/

Essentials

Date of enforcement action:
13/Jun/2019
Jurisdiction: Fine imposed:
France Flag for France, which is the jurisdiction taking enforcement action EUR 20,000 (US$21,900)
Defendant company or entity: Industry segment:
Uniontrad Company Professional Services /

Case summary

On 13 June 2019, the French Data Protection Regulator, CNIL, imposed a EUR 20,000 monetary penalty upon the Uniontrad Company.

The defendant company is a very small company (TPE) with nine employees and specialized in translation.

Between 2013 and 2017, the CNIL received complaints from several employees of the company who were filmed at their workstation. On two occasions, it alerted the company to the rules to be observed when installing cameras in the workplace and, in particular, that employees should not be filmed continuously and that specific information on the presence cameras should be given to them.

An on-site inspection was conducted on the premises of the company in February 2018. It found that:

  • cameras were present in the offices of the six translators, and that these cameras filmed them at their workstation without interruption;
  • no satisfactory information had been provided to employees;
  • computer workstations were not password-secure and translators accessed a shared corporate email with a unique password.

In July 2018, the President of the CNIL called on the company to comply with the Data Protection Act, asking it to:

  • move the cameras to no longer film employees consistently;  
  • to inform employees about the presence of cameras;
  • implement security measures for access to computer stations and for the traceability of access to professional email.

The implementation of an access traceability measure makes it possible to create a history of the accesses and actions performed by the people who connect to the mailbox and thus ensure the security of personal data.

In the absence of satisfactory measures at the end of the deadline set in the formal notice, the CNIL carried out a second audit in October 2018 which confirmed the persistence of the deficiencies despite the assertions to the contrary of the company. A sanction procedure was therefore initiated by the President of the CNIL, following which a EUR 20,000 monetary penalty was assessed against the company. 

(CNIL, Official Release in FR)

Applicable legal provisions

GDPR /

Enforcement information

Enforcement authority: Type of enforcement action:
French Data Protection Authority (CNIL) Flag for France, which is the jurisdiction taking enforcement action Penalty notice
Subject to appeal?
Yes

Cite this fine in your work

Data Privacy Fines Index. (2019-11-13 09:37) Uniontrad Company fined EUR 20,000. dataprivacyfines.com. Retrieved from https://dataprivacyfines.com/fine/uniontrad-company-fined-eur-20000/

Entry last updated: 2020-04-14 05:17 GMT.