Details:
| Summary | The Cypriot DPA imposed a fine of EUR 40,000 on the Electricity Authority of Cyprus. The controller used an automated system based on the so-called Brad-Factor to manage, monitor and control employee absences due to illness using a tool assessment. The DPA found that such an assessment mechanism was not covered by Cypriot labor law and had therefore been used unlawfully. Furthermore, an option for data subjects not to consent to such automated processing of their personal data should have been provided. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR, Art. 9 (2) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 40,000 |
| Sector | Employment |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/