Concentrix Cvg Italy s.r.l. – €20,000 Fine (Italy, 2020)

€20,000Garante per la protezione dei dati personali26 November 2020Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Concentrix Cvg Italy s.r.l. was fined for not properly protecting employees' health data. The company allowed workers to keep medication on their desks, which could reveal personal health information to others. This decision highlights the importance of safeguarding sensitive data in the workplace.

What happened

Concentrix Cvg Italy s.r.l. failed to adequately protect employees' health information by allowing visible medication on desks.

Who was affected

Employees whose health data could be indirectly accessed by coworkers due to the company's desk policy.

What the authority found

The Italian data protection authority ruled that Concentrix did not comply with data protection rules regarding the confidentiality of health data.

Why this matters

This case emphasizes that companies must ensure the confidentiality of sensitive information, especially in workplace settings. Businesses should review their policies to prevent unauthorized access to personal data.

GDPR Articles Cited

Art. 5(1)(a) GDPR
Art. 6(1)(b) GDPR
Art. 9(1)(b) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Concentrix Cvg Italy s.r.l. actions
Full Legal Summary
Detailed

The union UILCOM Sardegna filed a complaint with the Italian DPA (garante) against the call center operator Concentrix Cvg Italy s.r.l. regarding an internal regulation of the controller. Under the terms of a 'clean desk policy,' the company had prohibited employees from keeping certain items, such as smartphones, on their desks, which was intended to ensure confidentiality in the processing of customers' personal data. Exceptions were made for medication, which the data subjects proved they needed to take during their shift. These had to be placed visibly on the desk, making it indirectly possible for other employees to obtain information on the health status of the data subjects. The controller had indeed informed the data subjects about the rules of procedure and obtained their consents. However, this did not contain any information on the processing of their health data.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Concentrix Cvg Italy s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

RAMONA FILMS, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

26 November 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€20,000

Enforcement Tracker ID

ETid-503

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Concentrix Cvg Italy s.r.l. - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: