Gaypa s.r.l. – €20,000 Fine (Italy, 2020)

€20,000Garante per la protezione dei dati personali29 October 2020Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Gaypa s.r.l. was fined for keeping a former employee's email account active and accessing their personal emails without permission. This misuse of data occurred after the employee's job ended, violating privacy rules. The decision stresses the need for companies to respect former employees' data rights.

What happened

Gaypa s.r.l. improperly accessed a former employee's email account and correspondence after their employment ended.

Who was affected

The former employee whose personal emails were accessed without their knowledge.

What the authority found

The Italian DPA ruled that Gaypa s.r.l. violated multiple GDPR articles by failing to inform the former employee about the continued use of their email account.

Why this matters

This ruling serves as a warning to companies about the importance of data privacy even after employment ends. It reinforces the need for clear policies regarding employee data management.

GDPR Articles Cited

Art. 12(GDPR)
Art. 13(GDPR)
Art. 5(1)(a) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Gaypa s.r.l. actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 20,000 on Gaypa s.r.l.. The controller had kept a former employee's email account active and had access to the data subject's correspondence, despite the termination of his/her employment. The data subject had not been informed about such a further use of his/her e-mail account, as well as about the storage of all incoming and outgoing e-mails on the company servers and the related processing of his/her personal data.

Violations (1)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Gaypa s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

RAMONA FILMS, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

29 October 2020

Authority

Garante per la protezione dei dati personali

Fine Amount

€20,000

Enforcement Tracker ID

ETid-520

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Gaypa s.r.l. - Italy (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: