Electricity Authority of Cyprus

€40,000

Insufficient legal basis for data processing

Otsuse kuupäev

3. märts 2021

Ametiasutus

Cypriot Data Protection Commissioner

CY

Sektor

Employment

Riik

CY

Seadus

GDPR

Staatus

FINAL

Kirjeldus

The Cypriot DPA imposed a fine of EUR 40,000 on the Electricity Authority of Cyprus. The controller used an automated system based on the so-called Brad-Factor to manage, monitor and control employee absences due to illness using a tool assessment. The DPA found that such an assessment mechanism was not covered by Cypriot labor law and had therefore been used unlawfully. Furthermore, an option for data subjects not to consent to such automated processing of their personal data should have been provided.

Õiguslikud viited

Art. 6 (1)Art. 9 (2)

Probleemid ja rikkumised

Insufficient legal basis for data processing
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
Cypriot Data Protection Commissioner - KEPIDES...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.