Bank of Cyprus Public Company Ltd.

€17,000

Insufficient technical and organisational measures to ensure information security

Decision Date

January 1, 2022

Authority

Cypriot Data Protection Commissioner

CY

Sector

Finance, Insurance and Consulting

Country

CY

Law

GDPR

Status

FINAL

Description

The Cypriot DPA has imposed a fine of EUR 17,000 on Bank of Cyprus Public Company Ltd. In the context of a sale of credit facilities, the bank had inadvertently transferred data of customers whose credit facilities had not been sold to the buyer. The incidents affected approximately 11,673 records and 5,500 individuals. The DPA found that the bank had failed to implement sufficient technical and organizational measures to protect personal data.

Legal Citations

Art. 5 (1)Art. 24 (1)Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Cypriot Data Protection Commissioner - PRINTAFORM ...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.