HDPA (Greece) - 27/2020

From GDPRhub
Revision as of 16:38, 7 September 2020 by AntigoniLogotheti (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Greece |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoGR.jpg |DPA_Abbrevation=HDPA |DPA_With_Country=HDPA (Greece) |Case_Number_Name=27/...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
HDPA - 27/2020
LogoGR.jpg
Authority: HDPA (Greece)
Jurisdiction: Greece
Relevant Law: Article 32 GDPR
Article 58(2)(d) GDPR
Article 9 Council Decision 2008/633/JHA
Type: Investigation
Outcome: Violation Found
Started:
Decided: 11.08.2020
Published:
Fine: None
Parties: Ministry of Foreign Affairs
National Case Number/Name: 27/2020
European Case Law Identifier: n/a
Appeal: Not appealed
Original Language(s): Greek
Original Source: HDPA (in EL)
Initial Contributor: n/a

The Hellenic Data Protection Authority (HDPA) ordered the Ministry of Foreign Affairs to comply with its recommendations regarding the security issues it identified in the Visa Information System (VIS).

English Summary

Facts

The HDPA ran an on site audit at the Ministry of Foreign Affairs as being the data controller according to VIS Regulation and VIS Decision. VIS is an information system for exchanging data among states within Schengen area with an aim to improve common VISA policies. The audit was focused on security issues, which are provided for in Article 32 GDPR and Article 32 of VIS Regulation. Further security requirements are provided for in Article 9 of Council Decision 2008/633/JHA (VIS Decision). Fundamental element of the system is a central database which contains personal data including special categories.

Dispute

Holding

The HDPA prepared a detailed analysis of the findings arisen from the audit as well as of the relevant risks, which is however included in a final confidential report. Based on these findings, the HDPA ordered the Ministry of Foreign Affairs to comply with its recommendations that are included in the confidential report according to Article 58(2)(d) GDPR and inform the HDPA accordingly.


Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.