Category Archives: Data Protection Law

Data Trusteeship: What you need to know


The General Data Protection Regulation (GDPR) is now into its second year, and since it was established in May 2018, it has strongly emphasized the importance of accountability by requiring organizations to act in a compliant way and to record and demonstrate their compliance through various assessments, procedures, policies and documentation.

A Data Trusteeship aims to ensure GDPR requirements are met and personal data is held securely and independently.

Data Trusteeship: How Does Data Trusteeship work?

  • A Data Trust is formed when individuals, aka data subjects, transfer their personal data or data rights to a Data Trustee.
  • Law firms can be authorized Data Trustees who hold and govern that data through a Trust structure on behalf of beneficiaries for a specified and agreed purpose.
  • The Data can be handed to the Trust by the actual beneficiaries, or through a group transfer in situations where there is a large amount of data, e.g. employee data, health data, bulk client data.
  • Data Trustees have a fiduciary duty to protect the interests of the data subjects, and the personal data and data subject rights under their custody. Data Trustees are to take decisions on behalf of the data subjects.
  • Data Trustees are able to elect who has access to the Data controlled by the Trust and who can use it, according to the agreed terms and conditions.
  • Data Trustees are able to revoke access to the Data when the use of Data is not executed according to the set terms and specifications.
  • Data Trusteeship allows organizations using the Data to unlock the value of Data, whilst ensuring that the rights of their data subjects are secure and protected.

Data Trusteeship: What do we do.

Panayiotis Z. Toulouras LLC acts as Data Trustees for organizations based in Cyprus and internationally, with the firm recently becoming authorized Data Trustees of a software company that provides operators with the technology to track and store the personal data of their daily visitors in order to maintain a database to help combat the spread of epidemic disease.

We offer our clients a vigorous operational process with decoding keys, data decryption, secured database servers, I.T. security and processes in place to ensure all terms and conditions are executed sufficiently.

 

 

€14,000 fine handed out to local Doctor for GDPR breach


The complainant complained that the Doctor had disclosed her personal data on Instagram without her prior consent. After investigating the complaint, it was found that the disclosure did not comply with the purpose of the prior consent, which was given by the Complainant for marketing purposes, as her identity had been fully disclosed publicly.

The Commissioner issued a judgment and fined the Doctor €14,000 on the 6th of September 2019.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at info@toulouraslaw.com or call us directly at +357 24 623 800. For more information visit www.toulouraslaw.com.


 

Fines & Warnings issued by the Cyprus Office of the Commissioner for Personal Data

Fines and warnings have already been issued by the Cyprus Office of the Commissioner for Personal Data Protection for GDPR breaches to large organizations, both public and private.

Warning issued for GDPR breach – Limassol Water Board

Case: An employee of the Limassol Water Board informed the Commissioner that his personal data was processed without prior consent. After investigation, there was evidence of an infringement concerning the Limassol Water Board's non-compliance with the GDPR in the security measures it has in place.

Penalty: On 19/6/2019, the Commissioner issued a warning to the Limassol Water Board, as the data controller, to comply with GDPR data processing security measures in all its departments and services.

€5,000 fine issued for GDPR breach – Sigma Live Ltd

Case: A complaint was made that Sigma Live Ltd publicized and processed personal data without the prior consent of the complainant. The complainant was the individual who helped police locate the kidnapper who took two children from a local Larnaca school in 2018. The TV channel had broadcast his face and named him as the ‘informant’ without his consent, although he had wished to remain anonymous.

Penalty: After investigating, the Commissioner issued a fine of €5,000 for GDPR breach to Sigma Live Ltd for failure to obtain prior consent.

€3,000 fine issued for GDPR breach – B******t Management Ltd

Case: Five separate complaints were made about B******t Management Ltd for violating the GDPR principle of ‘Data Minimization’, which states that the processing of personal data should be adequate, relevant and limited to what is necessary in relation to the purpose and nothing more. The company could have reached its purpose with less information being processed.

Penalty: A fine of €3,000 was issued on 12/4/2019.


GDPR Training – Level 1 presentation

General Data Protection Regulations Presentation

An important aspect of the GDPR is for all employees and staff members to gain a basic understanding of the responsibilities which the new legislation places upon them.

Our specialist team visited the great team at Yoshiro Digital to present the Level 1 GDPR training which gives a detailed presentation on various key points:

  •  Key definitions
  •  Exceptions
  •  Material & Territorial Scope
  •  Guiding principles
  •  Legal Basis
  •  Rights of Individuals
  •  Authority of Supervisory body
  •  Fines & Measures
  •  Employee Guidelines & Checklists


Estate Agency that failed to handle personal data adequately is fined £80,000.

Estate Agency fails to train staff adequately.

A local London estate agency was handed a fine of £80,000 due to a personal data breach that resulted in thousands of customers having their confidential information exposed.

The ICO, the U.K.'s data protection authority, gave ‘Life at Parliament View Ltd’ (LPVL) a hefty fine due to a breach that occurred when it sent private details from its server to a partner company, with any internet user being able to have full access to data stored between March 2015 and February 2017. The breach means that personal data such as bank statement information, salary data, passport copies, birth dates and residential addresses of both landlords and tenants were all compromised.

It was found that ‘a catalogue of security errors’ had occurred, with the company not putting adequate procedures in place to protect the personal data from unauthorized or unlawful processing. Because the incident occurred before the GDPR was established in May 2018, the fine was set taking into consideration the 1998 Data Protection Act. LPVL failed to train its staff in handling personal data, which left its customers exposed to potential risks of identity fraud.


 

Bulgarian National Revenue Agency could face a fine of up to €20 mil over major GDPR breach.

Bulgarian Revenue Agency cyber-attack (GDPR Breach).

The Bulgarian National Revenue Agency could face a fine of up to €20 mil over the recent major breach in its systems, which led to a young hacker stealing millions of taxpayers' personal and financial data. The fine could be the biggest yet in the Balkans after the establishment of the EU General Data Protection Regulation (GDPR) in May 2018, which regulates the processing of personal data.

The cyber-attack has shed light on Bulgaria’s slack cyber-security standards, as experts examining the situation stated that the techniques used were relatively basic and that the lax security systems in place were a major reason for the breach.

The amount that could be set as a fine depends on the number of people that were affected and on the amount and type of information that was leaked. The breach emphasizes the data protection principle of ensuring there is appropriate security for all personal data, which includes protection against unlawful and unauthorized processing.
