Romanian Watchdog Slaps School for GDPR Violations
A high school in Romania breached the General Data Protection Regulation by processing personal data through a video surveillance system whose monitors were illegally and excessively installed in the principal's office, giving his personal phone access to images and audio captured in hallways, the stairwell and bathrooms. The Romanian National Supervisory Authority for Personal Data Processing announced results of its investigation Feb. 7.
Sign up for a free preview to unlock the rest of this article
Located in Targu Neamt, northern Romania, the Vasile Conta school also failed to implement adequate technical and organizational measures to ensure data confidentiality, the regulator said. It reprimanded the school and ordered a review of internal procedures for adopting procedures to ensure that video surveillance is processed in accordance with the GDPR and that access to the images is limited and secure.
Romanian law requires that public authorities accused of GDPR breaches first be reprimanded and ordered to carry out a remedial plan, the authority said. Failure to comply could result in a fine.