AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Turn data subjects request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

10.4 million Euro GDPR Fine to Notebooksbillinger for Video Surveillance

On January 8, 2021, the State Commissioner for Data Protection (LfD) Lower Saxony imposed a €10.4 million (or $12.7M) GDPR fine on the electronics retailer Notebooksbilliger.de for non-compliant video surveillance of its employees.

Two main objections of the LfD were that video monitoring was done without a proper legal basis and kept for significantly longer than necessary, in the time span of at least two years.

According to the LfD, cameras were installed in the employees’ common areas, workplace, warehouse, and sales points.

The video surveillance was not only aimed at employees but customers as well, since cameras were pointed to specific places where customers would stay for a longer period of time, like seating areas or areas where they could test displayed devices.

[RELATED TOPIC: Video surveillance under the GDPR]

Notebooksbilliger.de objected to the decision and claimed that video surveillance was installed to prevent theft and other criminal offenses and to track the flow of goods in the warehouses. They claim that in no time was the video system designed to monitor the behavior of employees or their performance.

However, as explained in the official statement, video surveillance to uncover criminal offenses is only lawful if there is justified suspicion against specific persons and for a limited time period.

In this specific case, video surveillance was neither limited nor directed to specific employees. In addition, in many cases, the recordings were saved for 60 days, which is significantly longer than necessary.

[RELATED TOPIC: 20 biggest GDPR fines so far]

The Lower Saxony data protection officer, Barbara Thiel, said, “video surveillance is a particularly intensive encroachment on personal rights because theoretically the entire behavior of a person can be observed and analyzed.

According to the case law of the Federal Labor Court, this can mean that those affected feel the pressure to behave as inconspicuously as possible in order not to be criticized or sanctioned for deviating behavior. ”

Also, the video surveillance method for preventing theft represents a measure that is disproportionate to the potential risk, since other, milder methods could be as effective as the video footage in preventing theft.

[RELATED TOPIC: Processing personal data of employees]

Thiel also stated “companies must understand that with such intensive video surveillance, they are massively violating the rights of their employees“, stressing that employees should not give up their personal rights just because their employer puts them under general suspicion.

The fine is not yet legally binding so it is yet to be seen if the arguments and efforts of the company will reduce the fine or if the appeal against the fine is going to lead to a completely different resolution of the case.

Read the entire official statement:  LfD Niedersachsen imposed a fine of 10.4 million euros on notebooksbilliger.de

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top