Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Datum der Entscheidung

19. Oktober 2020

Behörde

Cypriot Data Protection Commissioner

CY

Sektor

Finance, Insurance and Consulting

Land

CY

Recht

GDPR

Status

FINAL

Beschreibung

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Juristische Zitate

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Probleme und Verstöße

Insufficient technical and organisational measures to ensure information security
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Cypriot Data Protection Commissioner - Grant Ideas...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.