Details:
Summary: | The union UILCOM Sardegna filed a complaint with the Italian DPA (Garante) against the call center operator Concentrix Cvg Italy s.r.l. regarding an internal regulation of the controller. Under the terms of a ‘clean desk policy,’ the company had prohibited employees from keeping certain items, such as smartphones, on their desks, in order to ensure confidentiality in the processing of customers’ personal data. Exceptions were made for medication that the data subjects proved they needed to take during their shift. This medication had to be placed visibly on the desk, which made it indirectly possible for other employees to obtain information on the health status of the data subjects. The controller had informed the data subjects about the rules of procedure and obtained their consent. However, this information did not cover the processing of their health data. |
Related articles: | Art. 5 (1) a), c) GDPR, Art. 6 (1) b), c) GDPR, Art. 9 (1) b) GDPR |
Type: | Insufficient legal basis for data processing |
Fine: | EUR 20,000 |
Sector: | Employment |
All data is based on the CMS.Law GDPR Enforcement Tracker. Source: https://www.enforcementtracker.com/