English School Cyprus – €4,000 Fine (Cyprus, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The English School in Cyprus was fined €4,000 for not protecting personal data adequately. A teacher used parents' email addresses for unintended purposes, leading to a data breach. This case emphasizes the need for schools to implement strong data protection measures.
What happened
A teacher at the English School used parents' email addresses for purposes other than intended, resulting in a data breach.
Who was affected
Parents of students at the English School whose email addresses were misused.
What the authority found
The Cypriot authority found the school failed to implement adequate data protection measures, violating GDPR.
Why this matters
This case highlights the importance of proper data handling and protection in educational institutions. Schools must ensure they have robust systems to prevent unauthorized use of personal data.
GDPR Articles Cited
The Cypriot DPA has imposed a fine of EUR 4,000 on the English School in Cyprus. The school had reported a data breach to the DPA under Art. 33 GDPR. A teacher had used the email address of the students' parents for a purpose other than that for which the email addresses were originally collected. The DPA found that the school had failed to take adequate technical and organizational measures to ensure the protection of personal data and to prevent such incidents.
Related Enforcement Actions (0)
No other enforcement actions found for English School Cyprus in CY
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
22 March 2022
Authority
Commissioner for Personal Data Protection
Fine Amount
€4,000
Enforcement Tracker ID
ETid-1108
About this data
Cite as: Cookie Fines. English School Cyprus - Cyprus (2022). Retrieved from cookiefines.eu
Last updated: