Commissioner (Cyprus) - 11.17.001.008.029
| Commissioner - 11.17.001.008.029 | |
|---|---|
 | |
| Authority: | Commissioner (Cyprus) |
| Jurisdiction: | Cyprus |
| Relevant Law: | Article 5(1) GDPR Article 24(1) GDPR Article 24(2) GDPR Article 25(1) GDPR Article 25(2) GDPR Article 32(1) GDPR Article 32(2) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | 14.10.2020 |
| Published: | 14.10.2020 |
| Fine: | None |
| Parties: | n/a |
| National Case Number/Name: | 11.17.001.008.029 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Greek |
| Original Source: | Office of the Commissioner for Personal Data Protection (in EL) |
| Initial Contributor: | Elisavet Dravalou |
A member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) Association has submitted a data subject request and requested a copy of her personal data. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should. The Commissioner found that the controller violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR.
English Summary
Facts
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members.
Dispute
Holding
The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.
