Data Protection Academy » Data Protection News » Investigation by the Greek supervisory authority

Data Protection Greece Video Surveillance

Investigation by the Greek supervisory authority

Date: 14.01.2020

Responsible body: ALLSEAS MARINE S.A.

Nature of the data protection breach: Greece Video surveillance

The Greek supervisory authority is currently investigating the employer's access to and inspection of an employee's e-mails on a company server. It suspects that a video surveillance system has also been illegally installed and put into operation.

Access and view an employee's e-mails

Die Untersuchung ist eine Reaktion auf eine Beschwerde bezüglich der Rechtmäßigkeit der Verarbeitung personenbezogener Daten auf einem Server von “ALLSEAS MARINE S.A.” sowie der Rechtmäßigkeit des Zugriffs auf und der Einsichtnahme in gelöschte E-Mails eines leitenden Angestellten. Dieser stand unter Verdacht, unrechtmäßige Handlungen gegen die Interessen des Unternehmens begangen zu haben.

The competent authority found that the company, as controller, complied with the requirements of the GDPR had fulfilled. Internal company regulations have included a prohibition on the use of electronic communications and the company's networks for private purposes. Employees were made aware of the possibility of conducting internal inspections.

The company therefore had to be notified in accordance with Article 5, first paragraph and the Article 6(1)(f) the GDPR the right to conduct an internal investigation and to search or restore employees' e-mails.

Video surveillance is a violation of the DSGVO

However, the supervisory authority found that a video surveillance system had been illegally installed and operated. The recorded material submitted is to be classified as unlawful. The company also prohibited the employee concerned from having access to his personal data on his company PC.
As a result, the following corrective measures were imposed on the company:

  • Grant the right to access and obtain information about his personal data stored on the company's computer
  • Ensure within one month that the processing operations carried out by means of his video-surveillance system comply with the provisions of the GDPR correspond to

An effective, proportionate and dissuasive administrative fine of EUR 15 000 is imposed on the company. The reason for the data protection fine is the illegal installation and operation of a video surveillance system.

Country: Greece

Fines: 15,000 euros

SourceEuropean Data Protection Supervisor 

Back to the overview of the data breaches

Caroline Schwabe
Latest posts by Caroline Schwabe (see all)

This might interest you too:

Examples of GDPR fines: what happens in data protection

GDPR infringements are punished with heavy fines. Find out which data protection infringements are suspected and secure yourself.

Data protection fine imposed on the Municipality of Oslo Education Authority

120.000 € because the security of the app "Skolemelding" for communication between school staff, parents and pupils was not guaranteed.

Data protection fine Swedish company

35,000 euros fine for violation of three Swedish laws at once. Information about creditworthiness published.