Commissioner - 11.17.001.008.029

Commissioner - 11.17.001.008.029
Authority:	Commissioner (Cyprus)
Jurisdiction:	Cyprus
Relevant Law:	Article 5(1) GDPR Article 24(1) GDPR Article 24(2) GDPR Article 25(1) GDPR Article 25(2) GDPR Article 32(1) GDPR Article 32(2) GDPR
Type:	Complaint
Outcome:	Upheld
Started:
Decided:	14.10.2020
Published:	14.10.2020
Fine:	None
Parties:	n/a
National Case Number/Name:	11.17.001.008.029
European Case Law Identifier:	n/a
Appeal:	n/a
Original Language(s):	Greek
Original Source:	Office of the Commissioner for Personal Data Protection (in EL)
Initial Contributor:	Elisavet Dravalou

The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.

English Summary[edit | edit source]

Facts[edit | edit source]

It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should.

Holding[edit | edit source]

The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.

Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.