Bank of Cyprus Public Company Ltd

€15,000

Insufficient technical and organisational measures to ensure information security

Дата принятия решения

19 октября 2020 г.

Авторитет

Cypriot Data Protection Commissioner

CY

Сектор

Finance, Insurance and Consulting

Страна

CY

Закон

GDPR

Статус

FINAL

Описание

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Юридические цитаты

Art. 5 (1)Art. 5 (2)Art. 15Art. 32Art. 33

Проблемы и нарушения

Insufficient technical and organisational measures to ensure information security
Посмотреть официальный документ
Вернуться к базе данных штрафов
Предыдущий штраф
Cypriot Data Protection Commissioner - Grant Ideas...
Следующий штраф
Data Protection Authority of Hamburg (HmbBfDI) - C...

Будьте в курсе событий, связанных с соблюдением конфиденциальности

Мы уважаем вашу конфиденциальность. Одно письмо в месяц, без спама, отказ от подписки в любое время.