Commissioner (Cyprus) - 11.17.001.008.029: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Cyprus |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoCY.jpg |DPA_Abbrevation=Commissioner |DPA_With_Country=Commissioner (Cyprus) |Case...") |
No edit summary |
||
| Line 60: | Line 60: | ||
}} | }} | ||
The Commissioner for Personal Data Protection (''Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα'') responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data. | |||
== English Summary == | ==English Summary== | ||
=== Facts === | ===Facts=== | ||
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. | It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should. | ||
===Holding=== | |||
=== Holding === | |||
The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed. | The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed. | ||
== Comment == | ==Comment== | ||
''Share your comments here!'' | ''Share your comments here!'' | ||
== Further Resources == | ==Further Resources== | ||
''Share blogs or news articles here!'' | ''Share blogs or news articles here!'' | ||
== English Machine Translation of the Decision == | ==English Machine Translation of the Decision== | ||
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details. | The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details. | ||
Revision as of 09:43, 24 March 2021
| Commissioner - 11.17.001.008.029 | |
|---|---|
 | |
| Authority: | Commissioner (Cyprus) |
| Jurisdiction: | Cyprus |
| Relevant Law: | Article 5(1) GDPR Article 24(1) GDPR Article 24(2) GDPR Article 25(1) GDPR Article 25(2) GDPR Article 32(1) GDPR Article 32(2) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | 14.10.2020 |
| Published: | 14.10.2020 |
| Fine: | None |
| Parties: | n/a |
| National Case Number/Name: | 11.17.001.008.029 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Greek |
| Original Source: | Office of the Commissioner for Personal Data Protection (in EL) |
| Initial Contributor: | Elisavet Dravalou |
The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.
English Summary
Facts
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should.
Holding
The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
