XX – €1,000 Fine (Italy, 2020)

€1,000Garante per la protezione dei dati personali2 July 2020Italy
final
ePrivacy
Fine

Another Italian company faced a fine for improperly processing personal data related to a termination letter. This case is significant because it shows that businesses must follow data protection rules even in employment matters. Companies need to be careful about how they handle personal information in all situations.

What happened

The Garante fined the company for unlawful data processing related to a termination letter.

Who was affected

Employees whose personal data was mishandled during the termination process.

What the authority found

The authority determined that the company did not comply with GDPR requirements for lawful data processing.

Why this matters

This ruling highlights the importance of following data protection laws in employment practices. Businesses should review their processes to ensure compliance with GDPR.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 6(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 157 Codice Privacy

Entities Involved

XX
TB s.r.l
Source verified 8 April 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll XX actions
Full Legal Summary
Detailed

Ms. XX, an employee of TB s.r.l., claims a violation of her data protection rights following the posting on the company notice board "visible to all employees and customers of the supermarket [of] the letter of [...] dismissal without just cause, with attached [...] personal details [of the complainant itself]". Is the controller's decision to publish the termination letter respectful of the GDPR? The Garante clarifies that, following the termination of the employment relationship, there is an obligation to communicate to the employee, not to the general public (including the customers of the supermarket), to whom communication is not absolutely necessary. The communication could instead be made to previous colleagues of the complainant, but in different ways, respectful of confidentiality and professional of the data subject (see art. 5, paragraph 1, letter a) and c) of the Regulation). For the above reasons, the processing of personal data referred to the complainant is unlawful in relation to Articles 5, paragraph 1, letter a) and c) and 6 of the Regulation.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (1)

Other enforcement actions involving XX in IT

Fine
Jul 2020· Garante per la protezione dei dati personali

The case involved a violation of the right of access, unrelated to cookies or consent mechanisms.

€5K
Current
Jul 2020

Fine

€1K

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

2 July 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€1,000

GDPRhub ID

gdprhub-2669

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. XX - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: