HDPA (Greece) - 44/2019: Difference between revisions

From GDPRhub
(Created page with "{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;" ! colspan="2" |HDPA - 44/2019 |- | colspan="2" style="padding: 20px; background-color:#ffffff" |File...")
 
No edit summary
Line 41: Line 41:
|Published:||n/a
|Published:||n/a
|-
|-
|Fine:||EUR 15,000
|Fine:||EUR 150,000
|-
|-
|Parties:||[http://www.ampni.com/d/aegean-bunkering-services-inc-32399.htm?lang=en&path=-1856009678 AEGEAN BUNKERING SERVICES INC ("ABS").]
|Parties:||[http://www.ampni.com/d/aegean-bunkering-services-inc-32399.htm?lang=en&path=-1856009678 AEGEAN BUNKERING SERVICES INC ("ABS").]


[https://www.ey.com/gr/en/home ERNST & YOUNG HELLAS CERTIFIED AUDITORS-ACCOUNTANTS ("EY Greece")]
[https://www.ey.com/gr/en/home ERNST&YOUNG HELLAS CERTIFIED AUDITORS-ACCOUNTANTS ("EY Greece")]


[http://www.ampni.com/ Aegean Marine Petroleum Network Inc. ("AMPNI")]  
[http://www.ampni.com/ Aegean Marine Petroleum Network Inc. ("AMPNI")]  
Line 71: Line 71:


===Holding===
===Holding===
.....
The HDPA ordered AMPNI as the data controller in this case to bring the processing operations at stake into compliance with the GDPR within three months from the receipt of this decision as foreseen under [[Article 58 GDPR#2d|Article 58(2)(d) GDPR]]. The company must take all necessary measures for internal compliance and accountability according to [[Article 5 GDPR#1|Article 5(1) GDPR]], [[Article 5 GDPR#2|Article 5(2) GDPR]] and [[Article 6 GDPR#1|Article 6(1) GDPR]]. Since the company had totally ignored the its compliance with the mentioned provisions, the HDPA issued a fine EUR 150,000 according to [[Article 58 GDPR#2i|Article 58(2)(i) GDPR]] and
[[Article 83 GDPR#5a|Article 83(5)(a) GDPR]].  


==Comment==
==Comment==

Revision as of 09:23, 31 January 2020

HDPA - 44/2019
LogoGR.jpg
Authority: HDPA (Greece)
Jurisdiction: Greece
Relevant Law: Article 5(1) GDPR

Article 5(2) GDPR

Article 6(1) GDPR

Article 33 GDPR

Article 58(2)(d) GDPR

Article 58(2)(i) GDPR

Article 83(5)(a) GDPR

Type: Complaint
Outcome: Upheld
Decided: 19. 12. 2019
Published: n/a
Fine: EUR 150,000
Parties: AEGEAN BUNKERING SERVICES INC ("ABS").

ERNST&YOUNG HELLAS CERTIFIED AUDITORS-ACCOUNTANTS ("EY Greece")

Aegean Marine Petroleum Network Inc. ("AMPNI")

National Case Number: 44/2019
European Case Law Identifier: n/a
Appeal: n/a
Original Language:

Greek

Original Source: HDPA (GR)

.....

English Summary

Facts

ABS filed a complaint against companies AMPNI and EY Greece for alleged violations of [Article 33 GDPR|Article 33 GDPR]. According to the complainant people related to the defendants entered without authorisation ABS's data room and illegally copied to mobile data carriers the entire digital content of the server which contains digital documents, e-mails and other electronic communications of ABS's employees with third parties as well as of third parties' employees. Then, these people created a clone server. Further, 11 other complaints filed before the HDPA by data subjects in relation to this incident.

Dispute

The DPA had to assess whether there was violation by both defendants regarding the notification obligation for personal data breaches to the supervisory authority.

Holding

The HDPA ordered AMPNI as the data controller in this case to bring the processing operations at stake into compliance with the GDPR within three months from the receipt of this decision as foreseen under Article 58(2)(d) GDPR. The company must take all necessary measures for internal compliance and accountability according to Article 5(1) GDPR, Article 5(2) GDPR and Article 6(1) GDPR. Since the company had totally ignored the its compliance with the mentioned provisions, the HDPA issued a fine EUR 150,000 according to Article 58(2)(i) GDPR and Article 83(5)(a) GDPR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

There is no available machine translated decision. Please refer to the Greek original decision for details.