Greek Ministry of Tourism – €75,000 Fine (Greece, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Greek Ministry of Tourism was fined EUR 75,000 for a data breach that exposed personal information of users on its platform. The ministry failed to secure the data properly and did not report the breach to the authorities. This case highlights the importance of having strong security measures and reporting breaches promptly.
What happened
A data breach at the Greek Ministry of Tourism exposed personal information of users, including names and social security numbers.
Who was affected
Citizens who attempted to enter their credentials on the ministry's online platform and had their personal information exposed.
What the authority found
The Hellenic Data Protection Authority found that the ministry did not have adequate security measures and failed to report the data breach, violating GDPR requirements.
Why this matters
This case underscores the need for government bodies and businesses to implement robust security measures and report data breaches quickly. It serves as a reminder that even public authorities are not exempt from GDPR compliance.
GDPR Articles Cited
The Hellenic DPA has imposed a fine of EUR 75,000 on the Greek Ministry of Tourism. A data breach had occurred at the authority. According to the DPA, an attempt by a citizen to enter his or her credentials on the authority's online platform resulted in the display of someone else's credentials, including full name, tax number, social security number, postal address, phone number, email address, and fields indicating a disability. The DPA found that the ministry failed to implement adequate technical and organizational measures to secure personal data. The ministry failed to report the incident to the DPA. The DPA considered this to be a violation of Article 33 of the GDPR. The DPA's investigation also found that the Ministry of Tourism had not appointed a data protection officer, even though an email address of the authority's data protection officer was provided on the above-mentioned platform for communication with users of the platform. This email address, as it turned out, was not active.
Related Enforcement Actions (0)
No other enforcement actions found for Greek Ministry of Tourism in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
29 December 2021
Authority
Hellenic Data Protection Authority
Fine Amount
€75,000
Enforcement Tracker ID
ETid-990
About this data
Cite as: Cookie Fines. Greek Ministry of Tourism - Greece (2021). Retrieved from cookiefines.eu
Last updated: