Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Cyprus: Commissioner fines Bank of Cyprus €15,000 for integrity and confidentiality violations

The Office of the Commissioner for Personal Data Protection ('the Commissioner') announced, on 19 October 2020, its decision to fine Bank of Cyprus Public Company Ltd €15,000 for violation of Articles 5 (1)(f), 5 (2), 15, 32, and 33 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Commissioner highlighted that the Bank did not comply with its obligations under the GDPR because the loss of the complainant's insurance policy deprived him of his right of access to the insurance contract, making him incapable of checking the correctness and validity of his data and verifying the lawfulness of the processing. Furthermore, the Commissioner noted that the fine was a result of the Bank's failure to notify the Commissioner of the data breach in relation to the loss of the contract within 72 hours from the moment the breach was brought to its knowledge. Lastly, the Commissioner stated that Eurolife Ltd, which was also targeted by the complainant, and which acted as a separate data controller, did not illegally process the complainant's personal data.

You can read the press release here and the decision here, both only available in Greek.