Hungary

Unknown Company

2,860 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-10-15.

Rank · Sector

#169

of 213 in Employment

Rank · Hungary

#42

of 75

Rank · All fines

#2,148

of 3,050

Case details

Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date: 2019-10-15
Controller / Processor: Unknown Company
Sector: Employment
Quoted Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR
Type of violation: Non-compliance with general data processing principles

Summary

An employee was on sick leave when his employer checked his desktop, laptop and emails to ensure that his work-related duties were being covered in his absence. The employer then suspended his account. The employee did not receive pre-notification and did not have the chance to copy / delete his private information (telephone numbers, messages). According to NAIH, employers must record the access with minutes and photos. Employment agreements must regulate whether employees can use work equipment for private purposes. Privacy notices must contain the reasons for employee monitoring (e.g. business continuity, internal investigation, disciplinary purposes, and the specific retention period of employee data - including the length and recurrence of backup copies. Employers must also prepare ”balancing tests” to prove their legitimate interests for general employee monitoring and specific cases.

Open original source Links to the regulator's original publication or another source.