Commissioner (Cyprus) -

From GDPRhub
Commissioner -
Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 12(2) GDPR
Article 12(6) GDPR
Article 17 GDPR
Article 58(2)(d) GDPR
Type: Complaint
Outcome: Upheld
Decided: 02.06.2020
Fine: None
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Greek
Original Source: Commissioner (Cyprus) (in EL)
Initial Contributor: n/a

The Cypriot Comissioner ordered video game company to bring its processing operations into compliance with Article 12(2) GDPR as it found they should implement additional modalities to facilitate data subjects' rights and enable the latter to justify their identity according to Article 12(6) GDPR.

English Summary


A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request.


Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful?


The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.

Please see the original decision which is already in English.