Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Data deciziei

19 octombrie 2020

Autoritatea

Cypriot Data Protection Commissioner

CY

Sector

Finance, Insurance and Consulting

Țara

CY

Legea

GDPR

Statut

FINAL

Descriere

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Citări juridice

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Probleme și încălcări

Insufficient technical and organisational measures to ensure information security
Vezi documentul oficial
Înapoi la baza de date a amenzilor
Amenda anterioară
Cypriot Data Protection Commissioner - Grant Ideas...
Următoarea amendă
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rămâneți la curent cu aplicarea normelor de confidențialitate

Îți respectăm confidențialitatea. Un e-mail pe lună, fără spam, dezabonare oricând.