Details:
Summary | An employee was on sick leave when his employer checked his desktop, laptop and emails to ensure that his work-related duties were being covered in his absence. The employer then suspended his account. The employee did not receive pre-notification and did not have the chance to copy / delete his private information (telephone numbers, messages). According to NAIH, employers must record the access with minutes and photos. Employment agreements must regulate whether employees can use work equipment for private purposes. Privacy notices must contain the reasons for employee monitoring (e.g. business continuity, internal investigation, disciplinary purposes, and the specific retention period of employee data – including the length and recurrence of backup copies. Employers must also prepare ”balancing tests” to prove their legitimate interests for general employee monitoring and specific cases. |
Link: | link |
Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR |
Type: | Non-compliance with general data processing principles |
Fine: | EUR 2,860 |
Sector | Employment |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/