Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

19 de octubre de 2020

Autoridad

Cypriot Data Protection Commissioner

CY

Sector

Finance, Insurance and Consulting

País

CY

Ley

GDPR

Estado

FINAL

Descripción

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Citas legales

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Cypriot Data Protection Commissioner - Grant Ideas...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.