Greece
Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ)
2,995,140 €
GDPR enforcement action by Hellenic Data Protection Authority (HDPA) on 2024-02-28.
Rank · Sector
#19
of 167 in Transportation and Energy
Rank · Greece
#4
of 93
Rank · All fines
#105
of 3,050
Case details
- Authority
- Hellenic Data Protection Authority (HDPA)
- Date
- 2024-02-28
- Controller / Processor
- Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ)
- Sector
- Transportation and Energy
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Hellenic DPA has imposed a fine of EUR 2,995,140 on the Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ). The controller had suffered a data breach which resulted in personal data being accessed and later published on the Dark Web. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such an incident.
Open original source
Links to the regulator's original publication or another source.
Related fines
Greece
2022-07-13
20,000,000 €
ETid-1268
Clearview Al Inc.
Industry and Commerce
Greece
2022-01-27
6,000,000 €
ETid-1024
Cosmote Mobile Telecommunications S.A.
Media, Telecoms and Broadcasting
Greece
2022-01-27
3,200,000 €
ETid-1025
OTE Group
Media, Telecoms and Broadcasting
Greece
2025-06-25
550,000 €
ETid-2878
Vodafone – PANAFON A.E.E.T.
Media, Telecoms and Broadcasting
Greece
2024-05-27
400,000 €
ETid-2556
Ministry of Interior (Greece)
Public Sector and Education
Greece
2023-06-12
210,000 €
ETid-1921
Piraeus Bank
Finance, Insurance and Consulting