Support Centre

Cyprus: Commissioner fines doctor €14,000 for GDPR violations

The Office of the Commissioner for Personal Data Protection ('the Commissioner') issued, on 25 September 2019, a decision ('the Decision') fining a doctor €14,000 for violations of Articles 5(1) and 6(1)(a) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Decision outlines that the doctor had posted a patient’s personal data on social media without the patient having consented to the use of her personal data, which lead to the disclosure of her identity.

You can read the Decision, only available in Greek, here