Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Data della decisione

19 ottobre 2020

Autorità

Cypriot Data Protection Commissioner

CY

Settore

Finance, Insurance and Consulting

Paese

CY

Legge

GDPR

Stato

FINAL

Descrizione

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Citazioni legali

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Problemi e violazioni

Insufficient technical and organisational measures to ensure information security
Visualizza il documento ufficiale
Torna al database delle multe
Precedente Multa
Cypriot Data Protection Commissioner - Grant Ideas...
Prossima ammenda
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rimanete aggiornati sull'applicazione della privacy

Rispettiamo la vostra privacy. Un'email al mese, niente spam, cancellazione in qualsiasi momento.