Cafe operator

€1,000

Non-compliance with general data processing principles

Fecha de la decisión

7 de febrero de 2022

Spanish Data Protection Authority (aepd)

Accomodation and Hospitality

GDPR

FINAL

The cafe used CCTV cameras which also captured the public space outside resulting in a violation of the so called principle of data minimisation.

Art. 5 (1)

Non-compliance with general data processing principles