Bank forgets a vault containing its customers' files when leaving rented premises

Hellenic Bank had rented premises for one of its branches in Nicosia, but when it decided to move in 2015 it literally forgot an old vault with a key lock that had been built into a wall of the building. From 2015 to 2019 the premises stood vacant, but when the owner finally rented them out again, the new tenants were surprised to discover the abandoned vault and promptly warned the bank. When the bank's officials went to the site to open the vault, they found inside not gold bars or bundles of notes, but old paperwork and files of customers and former customers that had been placed there at the time.

At that point, the bank officials retrieved all the contents that had been inaccessible to them for five years and took care to transfer all the documentation and secure it at the bank's headquarters. As required by the GDPR, the bank also notified the "data breach" to the Office of the Cypriot Data Protection Commissioner.

In addition to the bank's delay in notifying the supervisory authority of the security breach, which should normally take place "without undue delay and, where possible, within 72 hours from the moment it became aware of it", the Cypriot data protection authority also found a violation of the principle of availability, since the files remained locked inside the vault from 2015 to 2019.

After weighing the aggravating and mitigating factors assessed during the investigation of the security incident, in March 2021 the Office of the Data Protection Commissioner of Cyprus decided to impose on Hellenic Bank Ltd a fine of 25,000 euros for breaches of the security principles required by Article 5 of the GDPR and of Article 32, paragraph 1, letters b) and c): the ability to ensure on a permanent basis the confidentiality, integrity, availability and resilience of processing systems and services, and the ability to promptly restore the availability of and access to personal data in the event of a physical or technical incident. The Commissioner also contested the delayed notification under Article 33 of the EU Regulation.

As was all too easy to assume, given the secure place where the documents were kept, Cypriot media reported that Hellenic Bank nevertheless stressed that, over that long period, none of the information about the bank's clients held in the vault was disclosed to third parties, and that, in the meantime, all the organisational measures have been taken to ensure that such events do not recur in the future.

SOURCE: FEDERPRIVACY
