Cyprus
Electricity Authority of Cyprus
40,000 €
GDPR enforcement action by Cypriot Data Protection Commissioner on 2021-03-03.
Rank · Sector
#42
of 213 in Employment
Rank · Cyprus
#4
of 47
Rank · All fines
#796
of 3,050
Case details
- Authority
- Cypriot Data Protection Commissioner
- Date
- 2021-03-03
- Controller / Processor
- Electricity Authority of Cyprus
- Sector
- Employment
- Quoted Articles
- Art. 6 (1) GDPR, Art. 9 (2) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Cypriot DPA imposed a fine of EUR 40,000 on the Electricity Authority of Cyprus. The controller used an automated system based on the so-called Brad-Factor to manage, monitor and control employee absences due to illness using a tool assessment. The DPA found that such an assessment mechanism was not covered by Cypriot labor law and had therefore been used unlawfully. Furthermore, an option for data subjects not to consent to such automated processing of their personal data should have been provided.
Open original source
Links to the regulator's original publication or another source.
Related fines
Cyprus
2021-11-12
925,000 €
ETid-909
WS WiSpear Systems Ltd
Industry and Commerce
Cyprus
2019-10-25
70,000 €
ETid-179
LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd
Employment
Cyprus
2023-11-22
45,000 €
ETid-2144
Open University of Cyprus
Public Sector and Education
Cyprus
2021-09-06
40,000 €
ETid-830
APOEL FC
Individuals and Private Associations
Cyprus
2021-09-06
40,000 €
ETid-831
AC Omonia
Individuals and Private Associations
Cyprus
2021-03-03
25,000 €
ETid-578
Hellenic Bank
Finance, Insurance and Consulting