KEPIDES – €6,000 Fine (Cyprus, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
In Cyprus, KEPIDES was fined EUR 6,000 for sharing a list of property buyers without anonymizing their names. This mistake exposed personal information to a parliamentary committee. The case stresses the need for businesses to properly anonymize data before sharing it.
What happened
KEPIDES shared a list of property buyers with a parliamentary committee without anonymizing their names.
Who was affected
Property buyers whose names were included in the list shared by KEPIDES.
What the authority found
The Cypriot authority found that KEPIDES violated GDPR by failing to anonymize personal data before sharing it.
Why this matters
This case highlights the importance of anonymizing personal data before sharing it with third parties. Businesses should ensure they have processes in place to protect individuals' privacy when handling and sharing data.
GDPR Articles Cited
The Cypriot DPA imposed a fine of EUR 6,000 against KEPIDES (real estate company). The controller had submitted a list of buyers of the properties it manages to a parliamentary committee. However, the controller had failed to anonymize the list, as a result of which the names of the data subjects were transmitted.
Related Enforcement Actions (0)
No other enforcement actions found for KEPIDES in CY
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
3 March 2021
Authority
Commissioner for Personal Data Protection
Fine Amount
€6,000
Enforcement Tracker ID
ETid-580
About this data
Cite as: Cookie Fines. KEPIDES - Cyprus (2021). Retrieved from cookiefines.eu
Last updated: