On August 17, 2023, the Croatian data protection authority (AZOP) requested that the Hellenic data protection authority (HDPA) take action on a potential data breach. In particular, AZOP highlighted that it received reports that the personal data, including name, surname, date of birth, and parentage, of Croatian citizens committing criminal offences and misdemeanours was published in Greek on a Greek portal.

Accordingly, AZOP outlined that it has requested the HDPA to take action regarding the data controller of the Greek portal to determine whether the publication of personal information related to criminal offences was in accordance with the General Data Protection Regulation (GDPR).

You can read the press release, only available in Croatian, here.

Update: September 4, 2023

HDPA directs Greek website to remove Croatian data subjects' details at AZOP's request

On September 1, 2023, AZOP announced that the HDPA took action on the potential data breach at the request of the AZOP. The AZOP stated that the HDPA initiated supervisory proceedings against the data controller, the Greek portal, and that the data controller removed the article in which the personal data of Croatian citizens was published. Furthermore, the AZOP stated that the HDPA will continue the supervisory procedure and will inform the AZOP of all relevant information.

You can read the press release, only available in Croatian, here.