Hellenic Bank

€25,000

Insufficient technical and organisational measures to ensure information security

Date de décision

3 mars 2021

Autorité

Cypriot Data Protection Commissioner

CY

Secteur

Finance, Insurance and Consulting

Pays

CY

Droit

GDPR

Statut

FINAL

Description

The Cypriot DPA imposed a fine of EUR 25,000 on Hellenic Bank. The bank had closed one of its branches in the city of Nicosia in 2015. When moving out of the space, a safe containing old documents of still existing customers, installed in one of the walls, had been forgotten. As the building was vacant in the following years, the controller only learned about this incident when the property was rented out again for the first time in 2019. The new tenant had found the safe and informed the controller. Bank staff had then retrieved the documents and reported the data breach to the Cypriot DPA. The DPA ultimately concluded that the controller had violated Art. 5 (1) e), f) GDPR, Art. 32 (1) b), c) GDPR, and Art. 33 (1) GDPR.

Citations légales

Art. 5 (1)Art. 32 (1)Art. 33 (1)

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Data Protection Authority of Sachsen-Anhalt - Priv...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.