Editing APD/GBA - 56/2021

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 63: Line 63:
 
Employees at the financial institution could access the CCR via one of two systems. The first system, which was for regular staff, kept a record of each employee that used it. The second system, which was for managers, did not register employees. The financial institution states that only five employees had access to the CCR via the second system, and that they used a shared password.  
 
Employees at the financial institution could access the CCR via one of two systems. The first system, which was for regular staff, kept a record of each employee that used it. The second system, which was for managers, did not register employees. The financial institution states that only five employees had access to the CCR via the second system, and that they used a shared password.  
  
A file in the CCR concerning the complainant was accessed at least 20 times between April 2016 and August 2018 via the second system. Whilst it was not possible to identify exactly which employee was responsible on account of the lack of record keeping, it is known that one of the five relevant employees is the defendant's ex-husband. According to the defendant, her ex-husband used his access to the CCR to obtain information which unfairly assisted him in proceedings concerning the liquidation of their joint estate following their divorce.  
+
A file in the CCR concerning the complainant was accessed at least 20 times between April 2016 and August 2018 via the second system. Whilst it was not possible to identify exactly which employee was responsible on account of the lack of record keeping, it is known that one of the five relevant employees is the defendant's ex-husband. According to the defendant, her ex-husband used his access to the CCR to obtain information which unfairly assisted him in proceedings concerning the liquidation of their joint following their divorce.  
  
 
The complaint argued that the financial institution failed to take appropriate measures to secure its processing activities as required by Article 32 GDPR. A separate complaint, which is still pending before the Belgian DPA, was also filed by the complainant against her ex-husband.  
 
The complaint argued that the financial institution failed to take appropriate measures to secure its processing activities as required by Article 32 GDPR. A separate complaint, which is still pending before the Belgian DPA, was also filed by the complainant against her ex-husband.  

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Template used on this page: