Data Protection Academy » Data Protection News » Investigation by the Greek supervisory authority
Investigation by the Greek supervisory authority
Date: 14.01.2020
Responsible body: ALLSEAS MARINE S.A.
Nature of the data protection breach: Greece Video surveillance
The Greek supervisory authority is currently investigating the employer's access to and inspection of an employee's e-mails on a company server. It suspects that a video surveillance system has also been illegally installed and put into operation.
Access and view an employee's e-mails
Die Untersuchung ist eine Reaktion auf eine Beschwerde bezüglich der Rechtmäßigkeit der Verarbeitung personenbezogener Daten auf einem Server von “ALLSEAS MARINE S.A.” sowie der Rechtmäßigkeit des Zugriffs auf und der Einsichtnahme in gelöschte E-Mails eines leitenden Angestellten. Dieser stand unter Verdacht, unrechtmäßige Handlungen gegen die Interessen des Unternehmens begangen zu haben.
The competent authority found that the company, as controller, complied with the requirements of the GDPR had fulfilled. Internal company regulations have included a prohibition on the use of electronic communications and the company's networks for private purposes. Employees were made aware of the possibility of conducting internal inspections.
The company therefore had to be notified in accordance with Article 5, first paragraph and the Article 6(1)(f) the GDPR the right to conduct an internal investigation and to search or restore employees' e-mails.
Video surveillance is a violation of the DSGVO
However, the supervisory authority found that a video surveillance system had been illegally installed and operated. The recorded material submitted is to be classified as unlawful. The company also prohibited the employee concerned from having access to his personal data on his company PC.
As a result, the following corrective measures were imposed on the company:
- Grant the right to access and obtain information about his personal data stored on the company's computer
- Ensure within one month that the processing operations carried out by means of his video-surveillance system comply with the provisions of the GDPR correspond to
An effective, proportionate and dissuasive administrative fine of EUR 15 000 is imposed on the company. The reason for the data protection fine is the illegal installation and operation of a video surveillance system.
Country: Greece
Fines: 15,000 euros
- Internal control system - 10 September 2024
- TISAX requirements: Prepare certification step by step - 8 January 2024
- Audit management: Implementing audits more efficiently - 26 October 2023