Commissioner -

Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 5(1) GDPR
Article 24(1) GDPR
Article 24(2) GDPR
Article 25(1) GDPR
Article 25(2) GDPR
Article 32(1) GDPR
Article 32(2) GDPR
Type: Complaint
Outcome: Upheld
Decided: 14.10.2020
Published: 14.10.2020
Fine: None
Parties: n/a
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Greek
Original Source: Office of the Commissioner for Personal Data Protection (in EL)
Initial Contributor: Elisavet Dravalou

The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who had submitted a data subject request and requested a copy of her personal data.

English Summary

Facts

It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to more personal data than was needed to satisfy its purposes, such as the photos of its members. Because it could not separate the databases for employees and for members, TEY-CYTA was not able to respond as it should have.

Holding

The Commissioner held that CYTA violated Articles 5(1), 24(1) and (2), 25(1) and (2) and 32 of the GDPR and instructed CYTA to establish security measures and practices so that TEY-CYTA no longer has access to data disproportionate to the purpose, and so that its access to the photos of its members is excluded. In this case, no fine was imposed.

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.