Hotel fined for violation of breakfast list

In recent days I have been writing about how British Airways and Marriott are facing a nine-figure fine for violations of the general data breach rule. These fines can represent up to 4% of a company's annual business turnover. So they can be huge.

Although not as big, @ Dailybits and @fotograaf point to another very interesting hotel data breach. This time, we are not talking about a fine of tens of millions of pounds sterling, nor an event that would have affected tens of millions of people.

We are talking more about a breakfast at the hotel. The application tracker of the GDPR shows a fine of July 15 at the World Trade Center Bucharest (which owns a Pullman hotel) in the amount of 15 000 euros. The violation? A list containing the names of 46 guests entitled to a breakfast at the hotel was photographed by an unauthorized person.. Here is the summary of the incident:

The breach of data security lay in the fact that a printed list used to check the breakfast and containing the personal data of 46 guests staying at the WORLD TRADE CENTER BUCHAREST SA of the hotel had been photographed by people outside the company and unauthorized. some clients' data through online publication. The operator of WORLD TRADE CENTER BUCHAREST SA has been sanctioned for failing to take steps to ensure that the data is not disclosed to unauthorized third parties.

It is said that the hotel has not put in place adequate technical and organizational measures to ensure an adequate level of security.

I totally agree that this hotel has not done enough to protect customer data, even though I am the only one to think that this is totally trivial? For example, I still think hotels are not doing enough to protect customer data.

For example, I can not count the number of times I saw the guest list on the host's stand at breakfast, nor the number of times I saw a guest list on a maintenance cart. Similarly, some hotel gyms require you to sign your name and room number on a list visible to all, which also appears to be a serious violation.

I absolutely think hotels should do better than that to protect customer data. However, if it is worth a fine, I feel that a large majority of hotels have a fine like this.

What do I miss?