Cyprus
APOEL FC
40,000 €
GDPR enforcement action by Cypriot Data Protection Commissioner on 2021-09-06.
Rank · Sector
#19
of 351 in Individuals and Private Associations
Rank · Cyprus
#5
of 47
Rank · All fines
#800
of 3,050
Case details
- Authority
- Cypriot Data Protection Commissioner
- Date
- 2021-09-06
- Controller / Processor
- APOEL FC
- Sector
- Individuals and Private Associations
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Cypriot DPA has imposed a fine of EUR 40,000 on the soccer club APOEL FC. Due to a lack of security measures in the club's ticket sales system, it was possible for an unauthorized person to access and disclose personal data of fans on the club's website. This data involved the name, the fan card number and the ID number of the data subjects. The DPA concluded that the club failed to implement adequate technical and organizational security measures. In separate proceedings, the DPA fined AC Omonia and Hellenic Technical Enterprises Ltd. for the same violations.
Open original source
Links to the regulator's original publication or another source.
Related fines
Cyprus
2021-11-12
925,000 €
ETid-909
WS WiSpear Systems Ltd
Industry and Commerce
Cyprus
2019-10-25
70,000 €
ETid-179
LGS Handling Ltd, Louis Travel Ltd, and Louis Aviation Ltd
Employment
Cyprus
2023-11-22
45,000 €
ETid-2144
Open University of Cyprus
Public Sector and Education
Cyprus
2021-03-03
40,000 €
ETid-581
Electricity Authority of Cyprus
Employment
Cyprus
2021-09-06
40,000 €
ETid-831
AC Omonia
Individuals and Private Associations
Cyprus
2021-03-03
25,000 €
ETid-578
Hellenic Bank
Finance, Insurance and Consulting