Bank of Cyprus Public Company Ltd – €15,000 Fine (Cyprus, 2020)

€15,000Commissioner for Personal Data Protection19 October 2020Cyprus
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Bank of Cyprus lost a customer's insurance contract and failed to inform them about it, leading to a fine. This case shows the importance of keeping customer data safe and notifying them if something goes wrong. Businesses must ensure they can provide customers access to their data when requested.

What happened

The Bank of Cyprus lost a customer's insurance contract and did not inform them about the data breach.

Who was affected

Customers of the Bank of Cyprus who could not access their insurance contract information.

What the authority found

The Commissioner for Personal Data Protection fined the Bank of Cyprus for losing customer data and failing to notify the affected individual, violating GDPR rules.

Why this matters

This decision highlights the importance of data security and transparency. Businesses must maintain accurate records and promptly inform customers of data breaches to comply with GDPR.

GDPR Articles Cited

Art. 15 GDPR
Art. 32 GDPR
Art. 33 GDPR
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Cyprus enforcementCommissioner for Personal Data Protection actionsAll Bank of Cyprus Public Company Ltd actions
Full Legal Summary
Detailed

The data subject made a claim for access to information according to Art. 15 GDPR, which could not be answered, since the insurance contract of the data subject could not be found and has been lost. This constituted a violation of the rights of the data subject under Art. 15 GDPR as well as a violation of the obligations to protect personal data according to Art. 5 (1) f) GDPR and Art. 32 GDPR. In addition, the Data Breach Notification Obligations pursuant to Art. 33 f. GDPR have also been violated, as the data subject was not informed about the security incident in due time.

Related Enforcement Actions (0)

No other enforcement actions found for Bank of Cyprus Public Company Ltd in CY

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

19 October 2020

Authority

Commissioner for Personal Data Protection

Fine Amount

€15,000

Enforcement Tracker ID

ETid-422

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bank of Cyprus Public Company Ltd - Cyprus (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: