Cyprus: Twice Warned, Once Bitten – Using The Bradford Formula In The GDPR Era

February 03 14:08 2020 Print This Article

What would you do as an employer if someone was to warn you, not once but twice, that unless you stopped following a certain staff monitoring method you could end up having to pay a fine of €82,000? More likely than not, your response would be to take such a warning seriously.

Yet the truth is that in real life and in most situations, it seems that one can never be certain of the outcome of a complaint at the Office of the Commissioner for Personal Data Protection. Particularly, the possible actual cost of such an outcome.

Perhaps, as an employer, you have been advised that you have nothing to fear and that you may continue to implement a staff monitoring practice that you not only consider quite reasonable but also have been advised is perfectly legal.

The Office of the Commissioner for Personal Data Protection published the Commissioner’s decision in relation to a complaint lodged by a local trade union against a well-known group of companies operating in the travel and tourism industry, for its use of the Bradford Formula, a tool used by teams to measure worker absenteeism. In short, the formula is based on the idea that short, frequent, and unplanned absences are more disruptive than longer absences. The companies were using the Bradford Formula to measure absenteeism, including sick days taken.

In this case, the trade union representatives had twice warned the HR Director of the employer that unless use of the Bradford Formula ceased, then a complaint would be lodged with the Office of the Commissioner for Personal Data Protection. The HR Director refused to stop using the system and even went as far as to challenge the trade union to proceed with a complaint.

The employer’s position was that by using the Bradford Formula it was acting within its rights under Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The Commissioner decided that use of the Bradford Formula entails use of special categories of personal data, including personal data relating to health, use of which is not allowed by any of the conditions set by the relevant articles of the Regulation.

In her decision, the Commissioner for Personal Data Protection ordered the employers, not only to stop using the Bradford Formula but also to destroy the database that had been created as a result.

Furthermore, as to the financial impact of the decision, apart from other expenses with which the employer was actually burdened with, such as legal fees, a total fine of €82,000 was imposed on the group of companies. One cannot also preclude the possibility of a recourse to the Administrative Court involving further legal costs.

One wonders whether the Human Resources Directors of another company, if ever faced with a similar approach by a representative of a trade union or even a single employee, will respond differently to such a warning.

It is worth noting that the decision of the Commissioner is carefully reasoned and can be read, in Greek, by clicking here.

The original article was posted here: https://www.mondaq.com/cyprus/Privacy/889430/Twice-Warned-Once-Bitten-Using-The-Bradford-Formula-In-The-GDPR-Era

  Article "tagged" as:
  Categories:
view more articles

About Article Author

Manthos Mattheou
Manthos Mattheou

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment