Electricity Authority of Cyprus

€40,000

Insufficient legal basis for data processing

Dato for beslutning

3. marts 2021

Myndighed

Cypriot Data Protection Commissioner

CY

Sektor

Employment

Land

CY

Lovgivning

GDPR

Status

FINAL

Beskrivelse

The Cypriot DPA imposed a fine of EUR 40,000 on the Electricity Authority of Cyprus. The controller used an automated system based on the so-called Brad-Factor to manage, monitor and control employee absences due to illness using a tool assessment. The DPA found that such an assessment mechanism was not covered by Cypriot labor law and had therefore been used unlawfully. Furthermore, an option for data subjects not to consent to such automated processing of their personal data should have been provided.

Juridiske citater

Art. 6 (1)Art. 9 (2)

Problemer og overtrædelser

Insufficient legal basis for data processing
Se officielt dokument
Tilbage til bøde-databasen
Forrige bøde
Cypriot Data Protection Commissioner - KEPIDES...
Næste bøde
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold dig opdateret om håndhævelse af privatlivets fred

Vi respekterer dit privatliv. En e-mail om måneden, ingen spam, afmeld når som helst.