Hungary

Operator of a care facility

1,425 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2021-03-25.

Rank · Sector

#242

of 270 in Health Care

Rank · Hungary

#57

of 73

Rank · All fines

#2,527

of 3,042

Case details

Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date: 2021-03-25
Controller / Processor: Operator of a care facility
Sector: Health Care
Quoted Articles: Art. 5 (1) a), b), c) GDPR, Art. 6 GDPR, Art. 13 (1), (2) GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Hungarian DPA (NAIH) has imposed a fine of EUR 1,425 on the operator of a care facility. The operator had installed a total of 25 cameras in all rooms of the facility, with the exception of the restrooms, locker rooms and the main nurses' station. Both the residents of the facility and the employees were recorded by the video surveillance. The controller states that the cameras were installed for security purposes. These included preventing unauthorized persons from gaining access to the facility and deterring theft. The DPA states that such extensive video surveillance was not necessary for the processing purpose (security of the facility). Furthermore, the controller did not sufficiently inform the data subjects about the data processing.

Open original source Links to the regulator's original publication or another source.