Bank of Cyprus Public Company Ltd
€15,000
Insufficient technical and organisational measures to ensure information security
결정 날짜
2020년 10월 19일
권한
Cypriot Data Protection Commissioner
CY
섹터
Finance, Insurance and Consulting
국가
CY
법률
GDPR상태
FINAL설명
The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.
법적 인용
Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33
문제 및 위반 사항
Insufficient technical and organisational measures to ensure information security