English School staff union (ESSA)

€5,000

Insufficient technical and organisational measures to ensure information security

Decision Date

March 21, 2022

Authority

Cypriot Data Protection Commissioner

CY

Sector

Public Sector and Education

Country

CY

Law

GDPR

Status

FINAL

Description

The Cypriot DPA has imposed a fine of EUR 5,000 on the English School staff union (ESSA). The school had notified the DPA of a data breach under Art. 33 GDPR. A teacher, also a member of the staff union, had used the email addresses of the parents of the students for a purpose other than the one for which the email addresses had originally been collected. The DPA found that the staff union had failed to take appropriate technical and organizational measures to ensure the protection of personal data and to prevent such incidents.

Legal Citations

Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Norwegian Supervisory Authority (Datatilsynet) - C...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.