206 CRISTINA MIHAELA SALCĂ ROTARU
- another case was that of contesting the contraventional sanction report of
an operator who had installed video surveillance cameras and thus processed the
image of the people, without first notifying the Supervisory Authority, claiming
that the processing carried out does not fall under the GDPR
In this regard, we mention that any data relating to a natural person,
identified or identifiable, such as: name and surname, address, place and date of
birth, citizenship, profession, e-mail, telephone number, image, place of work,
signature, sex, family situation are personal data.
The image is undoubtedly personal data, because it can lead to the
identification of a person, the installation of video cameras can only be done with
the consent of the neighbors.
Principles related to the processing of personal data
The GDPR sets out seven principles that must be complied with
cumulatively when making a decision about data processing. These principles
are: legality, fairness and transparency, limitations on purpose, minimizing data,
accuracy, high storage limitations, integrity and confidentiality, responsibility.
Legality, fairness and transparency - paragraph 39 of the GDPR – „any
processing of personal data should be fair, personal data should be adequate,
relevant and limited to what is necessary for the purposes for which they are
processed"2 and paragraph 40 of the GDPR, „in order for the processing of
personal data to be legal, it should be carried out on the basis of the consent of
the data subject or on the basis of another legitimate reason, provided by law,
either in this Regulation or in another act of Union or domestic law,,3.
The regulation provides that the data will be processed only with respect to
one or more conditions, namely the consent, the contract, the legal obligation, the
legitimate interest, the public interest and the vital interest.
Equity - assumes that the data processing is fair and legal for the data subject
who should easily exercise the rights provided in the GDPR.
Transparency - means that any information and communications related to
the processing of personal data are easily accessible, easy to understand,
presented in a simple and clear language.
Purpose limitations - paragraph 50 of the GDPR – „The processing of
personal data, for purposes other than the purposes for which the data were
initially collected, should be allowed only when the processing is compatible
with the purposes for which the personal data are were initially collected,,4. If the
data subject has given his consent or the processing is based on Union law or on
a national law which is a necessary and proportionate measure to protect a