Artima S.A. was recently fined €8,000 administratively for violations of the GDPR. The Romanian supervisory authority (ANSPDCP) also imposed a corrective measure on it.
The proceedings in the described case were initiated after the ANSPDCP received notification of a data breach processed by Artima. The incident concerned employees of the company who had unauthorisedly accessed the company’s video surveillance system. Using their personal mobile devices, the employees recorded footage from the company’s CCTV. The recorded content was then shared with a third party, who published it on social media.
The ANSPDCP found that Artima had not implemented sufficient technical and organisational measures to ensure a level of security appropriate to the risks of processing and to maintain the confidentiality of the data processed.
In response to the breaches, the ANSPDCP fined Artima €8,000 and ordered the company to introduce internal policies to prevent similar security incidents in the future.