Bank sanctioned for failing to notify a data breach: the client asks for a copy of the policy, but the contract cannot be found

The client had asked for a copy of the policy he had taken out through the bank, but there was no trace of the document. The bank justified itself by saying that the client’s account had been transferred from another city many years earlier, and that the original contract could not be accessed because it had been stored in a remote location and was too expensive to recover. It simply advised the client to cancel the policy.

At the end of the investigation conducted by the Cypriot Privacy Guarantor following the client’s complaint, the authority announced that it had imposed a penalty of 15,000 euros on the Bank of Cyprus for failing to comply with its obligations under the GDPR following the loss of the client’s insurance policy. The client was left unable to access the insurance contract, and so could not exercise his right of access or verify the correctness and validity of his personal data.

The data subject had requested access to the information pursuant to article 15 of the GDPR, but the bank had not been able to comply with the request because the insurance contract could not be found, which established that the document had been lost.

The supervisory authority noted that the sanction was the consequence of the bank’s failure to give notification of the data breach in relation to the loss of the contract, which should have taken place within 72 hours of the breach being brought to its attention.

In particular, the bank’s justification for this omission was not upheld. It had stated that it had failed to provide the notification required by the GDPR because “there was not the slightest suspicion that the document could have been lost, but that it was probably only put in the wrong place”.

In this context, there were several breaches of the GDPR, including violations of the rights of the data subject pursuant to article 15, the obligation to protect personal data pursuant to articles 5 and 32, as well as failure to notify the supervisory authority and the data subject pursuant to article 33 of the GDPR.

Source: Federprivacy
