C-Planet (IT Solutions) Limited – €65,000 Fine (Malta, 2022)

€65,000Information and Data Protection Commissioner17 January 2022Malta
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Malta's Data Protection Commissioner fined C-Planet (IT Solutions) Limited EUR 65,000 after a data breach exposed personal data of Maltese voters. This case is important because it underscores the need for strong security measures to protect personal data.

What happened

C-Planet (IT Solutions) Limited suffered a data breach that exposed personal data of Maltese voters.

Who was affected

Maltese voters whose personal data, including political opinions, was exposed in the breach.

What the authority found

The commissioner found that C-Planet failed to secure personal data and notify affected individuals, violating several GDPR articles.

Why this matters

This case emphasizes the necessity for companies to implement robust security measures and timely breach notifications. It serves as a warning to businesses handling sensitive data.

GDPR Articles Cited

Art. 14 GDPR
Art. 32 GDPR
Art. 33 GDPR
Art. 34 GDPR
Art. 5(1)(f) GDPR
Art. 6(1) GDPR
Art. 9(1) GDPR
Malta enforcementInformation and Data Protection Commissioner actionsAll C-Planet (IT Solutions) Limited actions
Full Legal Summary
Detailed

The DPA of Malta has imposed a fine of EUR 65,000 on C-Planet (IT Solutions) Limited. The DPA had initiated an investigation against C-Planet in April 2020 after being informed of a data breach. The DPA noted as a result that C-Planet had violated Art. 6 (1) GDPR, Art. 9 (1), (2) GDPR, Art. 14 GDPR and Art. 5 (1) f) GDPR in the context of data processing. The DPA also found that C-Planet failed to implement appropriate technical and organizational measures to ensure a level of security commensurate with the risk and that this led to the data breach. This constitutes a violation of Art. 32 GDPR. In addition, the DPA found that the controller failed to notify the personal data breach within the legally required deadline and to inform the data subjects. This constitutes a violation of Art. 33 GDPR and Art. 34 GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for C-Planet (IT Solutions) Limited in MT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 January 2022

Authority

Information and Data Protection Commissioner

Fine Amount

€65,000

Enforcement Tracker ID

ETid-996

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. C-Planet (IT Solutions) Limited - Malta (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: