Unknown Company
GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-12-11.
Case details
- Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
- Date: 2019-12-11
- Controller / Processor: Unknown Company
- Sector: Employment
- Quoted Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR
- Type of violation: Non-compliance with general data processing principles
Summary
The employer restored the mailbox of a director who had left the company a year before and found an email containing a work-related document. The director received no warning that his former inbox would be activated and did not have a chance to copy or delete his private data (passwords and financial information). According to NAIH, an employee or a representative should be present when the employee's data is being accessed, even if the employment has been terminated. Employees should be able to request a copy or the deletion of their private data. Employers must record the access with minutes and photos; when the employee cannot be present, the access must take place in the presence of independent witnesses. Employers must adopt internal policies on archiving and on the use of IT assets and e-mail accounts, including procedural rules such as the steps of an inspection and the officials authorised to carry it out.