Cyprus
Bank of Cyprus Public Company Ltd
15,000 €
GDPR enforcement action by Cypriot Data Protection Commissioner on 2020-10-19.
Rank · Sector
#178
of 322 in Finance, Insurance and Consulting
Rank · Cyprus
#11
of 47
Rank · All fines
#1,179
of 3,050
Case details
- Authority
- Cypriot Data Protection Commissioner
- Date
- 2020-10-19
- Controller / Processor
- Bank of Cyprus Public Company Ltd
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 15 GDPR, Art. 32 GDPR, Art. 33 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.
Open original source
Links to the regulator's original publication or another source.
Related fines
Cyprus
2021-11-12
925,000 €
ETid-909
WS WiSpear Systems Ltd
Industry and Commerce
Cyprus
2019-10-25
70,000 €
ETid-179
LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd
Employment
Cyprus
2023-11-22
45,000 €
ETid-2144
Open University of Cyprus
Public Sector and Education
Cyprus
2021-03-03
40,000 €
ETid-581
Electricity Authority of Cyprus
Employment
Cyprus
2021-09-06
40,000 €
ETid-830
APOEL FC
Individuals and Private Associations
Cyprus
2021-09-06
40,000 €
ETid-831
AC Omonia
Individuals and Private Associations