Commissioner (Cyprus) - 11.17.001.008.029: Difference between revisions

From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=Cyprus |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoCY.jpg |DPA_Abbrevation=Commissioner |DPA_With_Country=Commissioner (Cyprus) |Case...")
 
No edit summary
Line 60: Line 60:
}}
}}


A member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) Association has submitted a data subject request and requested a copy of her personal data. The TEY-CYTA  due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should. The Commissioner found that the controller violated  articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR.
The Commissioner for Personal Data Protection (''Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα'') responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.  


== English Summary ==
==English Summary==


=== Facts ===
===Facts===
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members.  
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA  due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should. 
 
===Holding===
=== Dispute ===
 
 
=== Holding ===
The Commissioner held that CYTA violated  articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.
The Commissioner held that CYTA violated  articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.


== Comment ==
==Comment==
''Share your comments here!''
''Share your comments here!''


== Further Resources ==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''


== English Machine Translation of the Decision ==
==English Machine Translation of the Decision==
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.



Revision as of 09:43, 24 March 2021

Commissioner - 11.17.001.008.029
LogoCY.jpg
Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 5(1) GDPR
Article 24(1) GDPR
Article 24(2) GDPR
Article 25(1) GDPR
Article 25(2) GDPR
Article 32(1) GDPR
Article 32(2) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: 14.10.2020
Published: 14.10.2020
Fine: None
Parties: n/a
National Case Number/Name: 11.17.001.008.029
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Greek
Original Source: Office of the Commissioner for Personal Data Protection (in EL)
Initial Contributor: Elisavet Dravalou

The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.

English Summary

Facts

It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should.

Holding

The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.