Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Angola: APD fines BPC $525,000 for public disclosure of employee data

The National Data Protection Agency ('APD') announced, on 29 April 2022, that it had issued a decision in which it fined Banco de Poupança e Crédito ('BPC'), a government-owned bank in Angola, the equivalent of $525,000 for violations of Articles 30, 31, 32, and 35(1) of Law No. 22/11 on the Protection of Personal Data ('the Law'). 

Background to the case

In particular, the APD outlined that the decision follows an investigation into the public disclosure, through online social networks, of a map of employees who had been laid off by BPC. 

Findings of the APD

Moreover, the APD identified the following three violations by BPC in relation to the public disclosure of employee data:

  • for the failure to implement technical and organisational measures to protect employee personal data, a violation of Article 30 and 31 of the Law;
  • for the failure to observe the duty of care and secrecy in relation to the access and improper disclosure of employee personal data, a violation of Article 32 of the Law; and
  • for the failure to request authorisation from the APD to process employee personal data, a violation of Article 35(1) of the Law.

Outcome

In view of the above findings, the APD decided to fine BPC the amount of $525,000.

You can read the press release, only available in Portuguese, here.

Feedback