

























In a complaint submitted to the Italian Supervisory Authority (SA), an individual complained that, after receiving a disciplinary letter followed by dismissal, the company had denied him access to his company' email account, which remained active. Exercising his rights, the data subject asked the company to disable the email account, forward any messages received in the meantime to his personal email address, and activate an automatic reply informing any senders of his new email address. However, this request remained unfulfilled, even though it was formulated in compliance with the GDPR.
During the investigation, the Italian SA found that the company not only continued to receive emails addressed to the employee, but also forwarded them to another company email account. This unlawful practice had been going on for about two months, exceeding the 30-day limit set by the company's internal rules.
The Italian SA fined the company 40 000 EUR.
In determining the amount of the fine, the SA took into account the type and duration of the violations, the failure to respond to the employee's request to exercise his rights, and the absence of previous violations of data protection regulations by the company.
The Authority therefore ordered the company to allow the employee access to his company email account and ordered its subsequent deletion, without prejudice to the retention of what was necessary for the protection of company's rights in court.
For further information: Garante: l’accesso alla email del lavoratore licenziato vìola la privacy
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。