Electricity Authority of Cyprus – €40,000 Fine (Cyprus, 2021)

€40,000Commissioner for Personal Data Protection3 March 2021Cyprus
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Electricity Authority of Cyprus was fined €40,000 for using an automated system to track employee sick leave without proper legal backing. This system didn't allow employees to opt out, violating GDPR rules. Businesses should ensure their employee monitoring tools comply with privacy laws.

What happened

The Electricity Authority of Cyprus used an unauthorized automated system to monitor employee sick leave.

Who was affected

Employees whose sick leave was monitored by the Electricity Authority of Cyprus without proper legal basis.

What the authority found

The Cypriot DPA determined that the automated monitoring system was used unlawfully and lacked employee consent options, breaching GDPR.

Why this matters

This decision highlights the importance of obtaining proper legal grounds and consent for employee data processing. Companies should review their monitoring systems to ensure compliance with privacy laws.

GDPR Articles Cited

Art. 6(1) GDPR
Art. 9(2) GDPR
Cyprus enforcementCommissioner for Personal Data Protection actionsAll Electricity Authority of Cyprus actions
Full Legal Summary
Detailed

The Cypriot DPA imposed a fine of EUR 40,000 on the Electricity Authority of Cyprus. The controller used an automated system based on the so-called Brad-Factor to manage, monitor and control employee absences due to illness using a tool assessment. The DPA found that such an assessment mechanism was not covered by Cypriot labor law and had therefore been used unlawfully. Furthermore, an option for data subjects not to consent to such automated processing of their personal data should have been provided.

Related Enforcement Actions (0)

No other enforcement actions found for Electricity Authority of Cyprus in CY

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

3 March 2021

Authority

Commissioner for Personal Data Protection

Fine Amount

€40,000

Enforcement Tracker ID

ETid-581

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Electricity Authority of Cyprus - Cyprus (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: