Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Lēmuma datums

2020. gada 19. oktobris

Iestāde

Cypriot Data Protection Commissioner

CY

Nozare

Finance, Insurance and Consulting

Valsts

CY

Likums

GDPR

Statuss

FINAL

Apraksts

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Juridiskās atsauces

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Jautājumi un pārkāpumi

Insufficient technical and organisational measures to ensure information security
Skatīt oficiālo dokumentu
Atgriezties pie Naudas sodu datubāzes
Iepriekšējais naudas sods
Cypriot Data Protection Commissioner - Grant Ideas...
Nākamais naudas sods
Data Protection Authority of Hamburg (HmbBfDI) - C...

Atjauniniet informāciju par konfidencialitātes ieviešanu

Mēs respektējam jūsu konfidencialitāti. Viens e-pasts mēnesī, bez surogātpasta, jebkurā laikā varat atteikties no abonēšanas.