The Italian DPA announced a EUR 20,000 fine for internal policy violating the employees' confidentiality and dignity


On 23 December 2020, the Italian DPA (“Garante”) announced publishing a decision fining an organization carrying out call center activities with EUR 20,000 for violating GDPR by requiring its employees to keep on their desks medical products and devices, as well as sanitary pads.

Garante found that the internal policy implemented by the sanctioned organization allowed the internal supervisors and colleagues to access the employees’ personal information and health data, in violation of their confidentiality and dignity.

The full press release is available here, and the decision is available here (both only in Italian).