Data Protection Academy » Data Protection News » Investigation by the Greek supervisory authority

Data Protection Greece Video Surveillance

Investigation by the Greek supervisory authority

Date: 14.01.2020

Responsible body: ALLSEAS MARINE S.A.

Nature of the data protection breach: Greece Video surveillance

The Greek supervisory authority is currently investigating the employer's access to and inspection of an employee's e-mails on a company server. It suspects that a video surveillance system has also been illegally installed and put into operation.

Access and view an employee's e-mails

The investigation is a response to a complaint concerning the lawfulness of the processing of personal data on a server of "ALLSEAS MARINE S.A." and the lawfulness of access to and inspection of deleted e-mails of a senior executive. The latter was suspected of having committed unlawful acts against the interests of the company.

The competent authority found that the company, as controller, complied with the requirements of the GDPR had fulfilled. Internal company regulations have included a prohibition on the use of electronic communications and the company's networks for private purposes. Employees were made aware of the possibility of conducting internal inspections.

The company therefore had to be notified in accordance with Article 5, first paragraph and the Article 6(1)(f) the GDPR the right to conduct an internal investigation and to search or restore employees' e-mails.

Video surveillance is a violation of the DSGVO

However, the supervisory authority found that a video surveillance system had been illegally installed and operated. The recorded material submitted is to be classified as unlawful. The company also prohibited the employee concerned from having access to his personal data on his company PC.
As a result, the following corrective measures were imposed on the company:

  • Grant the right to access and obtain information about his personal data stored on the company's computer
  • Ensure within one month that the processing operations carried out by means of his video-surveillance system comply with the provisions of the GDPR correspond to

An effective, proportionate and dissuasive administrative fine of EUR 15 000 is imposed on the company. The reason for the data protection fine is the illegal installation and operation of a video surveillance system.

Country: Greece

Fines: 15,000 euros

SourceEuropean Data Protection Supervisor 

Back to the overview of the data breaches

Caroline Schwabe
Latest posts by Caroline Schwabe (see all)

This might interest you too:

Examples of GDPR fines: what happens in data protection

GDPR infringements are punished with heavy fines. Find out which data protection infringements are suspected and secure yourself.

Italian data protection supervisory authority imposed 27.8 million fine

The telecommunications operator was found to be involved in unlawful processing for marketing purposes. millions of people were affected.

Data protection fine imposed on the Municipality of Oslo Education Authority

120.000 € because the security of the app "Skolemelding" for communication between school staff, parents and pupils was not guaranteed.