16 November 2017
Cyprus: Commissioner fines CYTA €10,000 for employee data leak
The Office of the Commissioner for Personal Data Protection ('the Commissioner') announced, on 16 November 2017, that it had fined the Cyprus Telecommunications Authority ('CYTA') €10,000 for failing to prevent an employee from leaking the personal data of 249 customers to a third party. In particular, the Commissioner highlighted that the employee's access to customer data should have been revoked following their transfer from the customer services department and that following internal policies and procedures in this regard could have prevented the leak.
You can read the decision here and the monetary penalty notice here.