HDPA - 27/2020
|HDPA - 27/2020|
|Relevant Law:||Article 32 GDPR|
Article 58(2)(d) GDPR
Article 9 Council Decision 2008/633/JHA
|Parties:||Ministry of Foreign Affairs|
|National Case Number/Name:||27/2020|
|European Case Law Identifier:||n/a|
|Original Source:||HDPA (in EL)|
The Hellenic Data Protection Authority (HDPA) ordered the Ministry of Foreign Affairs to comply with its recommendations regarding the security issues it identified in the Visa Information System (VIS).
English Summary[edit | edit source]
Facts[edit | edit source]
The HDPA ran an on site audit at the Ministry of Foreign Affairs as being the data controller according to VIS Regulation and VIS Decision. VIS is an information system for exchanging data among states within Schengen area with an aim to improve common VISA policies. The audit was focused on security issues, which are provided for in Article 32 GDPR and Article 32 of VIS Regulation. Further security requirements are provided for in Article 9 of Council Decision 2008/633/JHA (VIS Decision). Fundamental element of the system is a central database which contains personal data including special categories.
Dispute[edit | edit source]
Holding[edit | edit source]
The HDPA prepared a detailed analysis of the findings arisen from the audit as well as of the relevant risks, which is however included in a final confidential report. Based on these findings, the HDPA ordered the Ministry of Foreign Affairs to comply with its recommendations that are included in the confidential report according to Article 58(2)(d) GDPR and inform the HDPA accordingly.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.