Commissioner (Cyprus) - 11.17.001.008.029

From GDPRhub
Revision as of 09:43, 24 March 2021 by Lv (talk | contribs)
Commissioner - 11.17.001.008.029
LogoCY.jpg
Authority: Commissioner (Cyprus)
Jurisdiction: Cyprus
Relevant Law: Article 5(1) GDPR
Article 24(1) GDPR
Article 24(2) GDPR
Article 25(1) GDPR
Article 25(2) GDPR
Article 32(1) GDPR
Article 32(2) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: 14.10.2020
Published: 14.10.2020
Fine: None
Parties: n/a
National Case Number/Name: 11.17.001.008.029
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Greek
Original Source: Office of the Commissioner for Personal Data Protection (in EL)
Initial Contributor: Elisavet Dravalou

The Commissioner for Personal Data Protection (Επίτροπος Δεδομένων Προσωπικού Χαρακτήρα) responded to a complaint by a member of the Cyprus Telecommunications Authority Employees Welfare Association (TEY-CYTA) who has submitted a data subject request and requested a copy of her personal data.

English Summary

Facts

It was found that the TEY-CYTA Association (Cyprus Telecommunications Authority Employees Welfare Fund) had access to personal data, more than was needed to satisfy the purposes, such as the photo of its members. The TEY-CYTA due to the fact that they couldn't separate the databases for employees and for members, was not able to respond as they should.

Holding

The Commissioner held that CYTA violated articles 5 (1), 24 (1) and (2), 25 (1) and (2) and 32 of the GDPR and instructed CYTA to establish such security measures and practices, so that TEY-CYTA no longer has access to data disproportionate to the purpose, excluding access to the photo of its members. In this case, no fine was imposed.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.