Cyprus
Cyprus Police
6,000 €
GDPR enforcement action by Cypriot Data Protection Commissioner on 2020-10-22.
Rank · Sector
#211
of 357 in Public Sector and Education
Rank · Cyprus
#25
of 47
Rank · All fines
#1,606
of 3,050
Case details
- Authority
- Cypriot Data Protection Commissioner
- Date
- 2020-10-22
- Controller / Processor
- Cyprus Police
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
A police officer had unauthorized access to a database holding personal data about vehicle owners and used the database for non-official purposes to pass information from the database to a third party. In this respect, the organizational and technical measures taken by the police to prevent unauthorized access to the database were insufficient to prevent the unauthorized disclosure of personal data to third parties.
Open original source
Links to the regulator's original publication or another source.
Related fines
Cyprus
2021-11-12
925,000 €
ETid-909
WS WiSpear Systems Ltd
Industry and Commerce
Cyprus
2019-10-25
70,000 €
ETid-179
LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd
Employment
Cyprus
2023-11-22
45,000 €
ETid-2144
Open University of Cyprus
Public Sector and Education
Cyprus
2021-03-03
40,000 €
ETid-581
Electricity Authority of Cyprus
Employment
Cyprus
2021-09-06
40,000 €
ETid-830
APOEL FC
Individuals and Private Associations
Cyprus
2021-09-06
40,000 €
ETid-831
AC Omonia
Individuals and Private Associations