Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Date de décision

19 octobre 2020

Autorité

Cypriot Data Protection Commissioner

CY

Secteur

Finance, Insurance and Consulting

Pays

CY

Droit

GDPR

Statut

FINAL

Description

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Citations légales

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Cypriot Data Protection Commissioner - Grant Ideas...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.