Bank of Cyprus Public Company Ltd. – €17,000 Fine (Cyprus, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Bank of Cyprus was fined €17,000 for accidentally sharing customer data with a buyer during a credit facility sale. This mistake affected thousands of records and shows the need for strong data protection measures.
What happened
The Bank of Cyprus mistakenly transferred customer data to a buyer during a credit facility sale.
Who was affected
Customers of the Bank of Cyprus whose data was shared without their consent.
What the authority found
The authority found that the bank failed to implement adequate measures to protect personal data, violating GDPR requirements.
Why this matters
This case emphasizes the importance of robust data protection practices, especially during business transactions. Companies should ensure they have effective safeguards to prevent unauthorized data sharing.
GDPR Articles Cited
The Cypriot DPA has imposed a fine of EUR 17,000 on Bank of Cyprus Public Company Ltd. In the context of a sale of credit facilities, the bank had inadvertently transferred data of customers whose credit facilities had not been sold to the buyer. The incidents affected approximately 11,673 records and 5,500 individuals. The DPA found that the bank had failed to implement sufficient technical and organizational measures to protect personal data.
Related Enforcement Actions (1)
Other enforcement actions involving Bank of Cyprus Public Company Ltd. in CY
Details
Fine Date
1 January 2022
Authority
Commissioner for Personal Data Protection
Fine Amount
€17,000
Enforcement Tracker ID
ETid-1622
About this data
Cite as: Cookie Fines. Bank of Cyprus Public Company Ltd. - Cyprus (2022). Retrieved from cookiefines.eu
Last updated: