Cyprus: €82,000 Fine For Using Automated Tool To Score Employees' Sick Leaves

The Cypriot Commissioner for Personal Data imposed an €82,000 fine on a group of companies that used an automated tool to score their employees' sick leaves, highlighting that such processing lacked a legal basis under the GDPR.

The Commissioner explained that the companies conducted an impact assessment of the processing operations, but after reviewing it, the Commissioner was not convinced that the companies' legitimate interest prevailed over the interests, rights, and freedoms of its employees. Consequently, the processing was found to have no legal basis. The Commissioner also noted that the companies failed to show the applicability of any of the provisions of the GDPR that allow them to process the health data of employees.

In addition to the penalty, the Cypriot Commissioner ordered the deletion of all the personal data collected.

CLICK HERE for the Commissioner's decision (in Greek).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.