Details:
| Summary | The Cypriot DPA has imposed a fine of EUR 3,500 on Universal Life Insurance Public Co Ltd. The processor of the data controller had suffered a data breach in which personal data of customers were mistakenly disclosed to other customers. During its investigation, the DPA found that the controller had failed to contractually regulate the relationship with its processor. The DPA concluded that the controller had contracted a processor without ensuring that the processor provided sufficient guarantees for the implementation of appropriate technical and organizational measures to protect personal data. |
| Link: | link |
| Related articles: | Art. 24 (1) GDPR, Art. 28 (1) GDPR |
| Type: | Insufficient data processing agreement |
| Fine: | EUR 3,500 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/