Fines and warnings have already been issued by Cyprus Office of the Commissioner for Personal Data Protection for GDPR breaches to large organizations both public and private.

Warning issued for GDPR breach – Limassol Water Board

Case: Employee of the Limassol Water Board informed the Commissioner that his personal data was processed without prior consent. After investigation, there was evidence showing  infringement concerning the non GDPR compliance of the Limassol Water Board with security measures it has in place.

Penalty: On 19/6/2019, the Commissioner issued a warning to the Limassol Water Board, as the data controller,to comply to GDPR data processing security measures in all its departments and services.

€5,000 fine issued for GDPR breach – Sigma Live Ltd

Case: A complaint was made that Sigma Live ltd publicized and processed personal data without prior consent of the complainant. The complainant was the individual that helped police locate the kidnapper that took two children from a local Larnaca school in 2018, the TV channel had broadcasted his face and naming him as the ‘informant’ without his consent as he had wished to remain anonymous.

Penalty: After investigating, the Commissioner issued a fine of €5,000 for GDPR breach to Sigma Live Ltd for failure to obtain prior consent.

€3,000 fine issued for GDPR breach – B******t Management Ltd

Case: Five separate complaints were made about B******t Management Ltd for violating the GDPR principle of ‘Data Minimization’, which states that processing personal data should be adequate, relevant and limited to what is necessary to in relation to your purpose and nothing more. The company could have reached its purpose with less information being processed.

Penalty: A fine of €3,000 was issued on the 12/4/2019.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit www.toulouraslaw.com.

General Data Protection Regulations Presentation

An important aspect of the GDPR is for all employees and staff members to gain a basic understanding of the responsibilities which the new legislation places upon them.

Our specialist team visited the great team at Yoshiro Digital to present the Level 1 GDPR training which gives a detailed presentation on various key points:

•  Key definitions
•  Exceptions
•  Material & Territorial Scope
•  Guiding principles
•  Legal Basis
•  Rights of Individuals
•  Authority of Supervisory body
•  Fines & Measures
•  Employee Guidelines & Checklists

What we can do.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit www.toulouraslaw.com.

Estate Agency fails to train staff adequately.

A local London estate agency were handed with a fine of £80,000 due to a personal data breach that resulted in thousand’s of customers having their confidential information exposed.

The ICO, the U.K.s data protection authority, gave ‘Life at Parliament View Ltd’ a hefty fine due to a breach that occurred when they sent private details from its server to a partner company with any internet user being able to have full access to data stored between March 2015 and February 2017. The breach means that  personal data like bank statement information, salary data, passport copies, birth dates, residential addresses of both landlords and tenants were all compromised.

It was found that ‘a catalogue of security errors’ had occurred with the company not taking adequate procedures to protect the personal data from unauthorized or unlawful processing. Due to the incident occurring prior to the GDPR being established in May 2018, the fine was set taking into consideration the 1998 Data Protection Act. LPVL failed to train its staff in handling personal data, which left its customers exposed to potential risks of identity fraud.

What we can do.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit www.toulouraslaw.com.

Bulgarian Revenue Agency cyber-attack (GDPR Breach).

The Bulgarian National Revenue Agency could face a fine of up to a €20 mil over the recent major breach in their systems which led to a young hacker stealing millions of taxpayers personal and financial data. The fine could be the biggest yet in the Balkans after the establishment of the  EU General Data Protection Regulations (GDPR) in May 2018 which regulate the processing of personal data.

The cyber-attack has given light to Bulgaria’s slack cyber-security standards, as experts that examining the situation, stated that the techniques used were relatively basic and that the lax security systems in place were a major reason for the breach.

The amount that could be set as a fine depends on the number of people that were affected and the amount but also type of information that was leaked. The breach emphasizes the data protection principles of ensuring there is appropriate security for all personal data which includes protection against unlawful and unauthorized processing.

What we can do.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit www.toulouraslaw.com.