Malta

C-Planet (IT Solutions) Limited

65,000 €

GDPR enforcement action by Data Protection Commissioner of Malta on 2022-01-17.

Rank · Sector

#94

of 597 in Industry and Commerce

Rank · Malta

of 15

Rank · All fines

#615

of 3,050

Case details

Authority: Data Protection Commissioner of Malta
Date: 2022-01-17
Controller / Processor: C-Planet (IT Solutions) Limited
Sector: Industry and Commerce
Quoted Articles: Art. 5 (1) f) GDPR, Art. 6 (1) GDPR, Art. 9 (1), (2) GDPR, Art. 14 GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 34 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The DPA of Malta has imposed a fine of EUR 65,000 on C-Planet (IT Solutions) Limited. The DPA had initiated an investigation against C-Planet in April 2020 after being informed of a data breach.
The DPA noted as a result that C-Planet had violated Art. 6 (1) GDPR, Art. 9 (1), (2) GDPR, Art. 14 GDPR and Art. 5 (1) f) GDPR in the context of data processing.

The DPA also found that C-Planet failed to implement appropriate technical and organizational measures to ensure a level of security commensurate with the risk and that this led to the data breach. This constitutes a violation of Art. 32 GDPR.
In addition, the DPA found that the controller failed to notify the personal data breach within the legally required deadline and to inform the data subjects. This constitutes a violation of Art. 33 GDPR and Art. 34 GDPR.

Open original source Links to the regulator's original publication or another source.