Commissioner - 11.17.001.008.029
|Commissioner - 11.17.001.008.029|
|Relevant Law:||Article 5(1) GDPR|
Article 24(1) GDPR
Article 24(2) GDPR
Article 25(1) GDPR
Article 25(2) GDPR
Article 32(1) GDPR
Article 32(2) GDPR
|National Case Number/Name:||11.17.001.008.029|
|European Case Law Identifier:||n/a|
|Original Source:||Office of the Commissioner for Personal Data Protection (in EL)|
|Initial Contributor:||Elisavet Dravalou|
The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.
English Summary[edit | edit source]
Facts[edit | edit source]
It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should.
Holding[edit | edit source]
The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.