AZOP (Croatia) - Decision 22-02-2021: Difference between revisions

From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=Croatia |DPA-BG-Color= |DPAlogo=LogoHR.png |DPA_Abbrevation=AZOP |DPA_With_Country=AZOP (Croatia) |Case_Number_Name=Decision of 22 February 20...")
 
No edit summary
Line 54: Line 54:
}}
}}


Croatia's DPA, AZOP, found that the leading security company in Croatia as a data processor enabled the breach by not maintaining adequate and sufficient technical and organizational measures for personal data security for more than two and a half years.
Croatian DPA (AZOP) found that the leading security company in Croatia, acting as a data processor, enabled the data breach by not maintaining adequate and sufficient technical and organizational measures for personal data security for more than two and a half years.


== English Summary ==
==English Summary==


=== Facts ===
===Facts===
A data controller, who used the services of the security company, reported the breach of personal data to the DPA, arising after an employee of the security company recorded the video surveillance footage with a smartphone and shared it with third parties. In consequence a recording was revealed ridicule in the public and the security company avoid doing sth to remove it from social networks and media. Furthermore, the processor has not prognosticate or implemented adequate technical security measures following the incident to prevent or minimize the risks.  
A data controller, who used the services of the security company, reported the breach of personal data to the DPA, arising after an employee of the company recorded the video surveillance footage with a smartphone and shared it with third parties. In consequence a recording was revealed ridicule in the public and the security company avoid doing anything to remove it from social networks and media. Furthermore, the processor has not prognosticated or implemented adequate technical security measures following the incident to prevent or minimize the risks.  


=== Dispute ===
===Dispute===




=== Holding ===
===Holding===
Insufficient technical and organisational measures were set to ensure data security, but the fact is that the basic activity of the company is the provision of physical and technical protection, which includes the use of video surveillance.
Insufficient technical and organisational measures were set to ensure data security, but the fact is that the basic activity of the company is the provision of physical and technical protection, which includes the use of video surveillance.


== Comment ==
==Comment==
''Share your comments here!''
''Share your comments here!''


== Further Resources ==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''


== English Machine Translation of the Decision ==
==English Machine Translation of the Decision==
The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.
The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.


Revision as of 08:27, 9 March 2021

AZOP - Decision of 22 February 2021
LogoHR.png
Authority: AZOP (Croatia)
Jurisdiction: Croatia
Relevant Law: Article 32(1)(b) GDPR
Article 32(1)(d) GDPR
Article 32(2) GDPR
Article 32(4) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided:
Published:
Fine: 0
Parties: Security company (name N/A at the moment)
National Case Number/Name: Decision of 22 February 2021
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Croatian
Original Source: azop.hr (in HR)
Initial Contributor: Lejla Rizvanovik

Croatian DPA (AZOP) found that the leading security company in Croatia, acting as a data processor, enabled the data breach by not maintaining adequate and sufficient technical and organizational measures for personal data security for more than two and a half years.

English Summary

Facts

A data controller, who used the services of the security company, reported the breach of personal data to the DPA, arising after an employee of the company recorded the video surveillance footage with a smartphone and shared it with third parties. In consequence a recording was revealed ridicule in the public and the security company avoid doing anything to remove it from social networks and media. Furthermore, the processor has not prognosticated or implemented adequate technical security measures following the incident to prevent or minimize the risks.

Dispute

Holding

Insufficient technical and organisational measures were set to ensure data security, but the fact is that the basic activity of the company is the provision of physical and technical protection, which includes the use of video surveillance.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.
Retrieved from "https://gdprhub.eu/index.php?title=AZOP_(Croatia)_-_Decision_22-02-2021&oldid=13921"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki