| 2020 | Data Protection Complaint | Unauthorized use of personal data leading to employment disciplinary proceedings | Infringement of Articles 5.1(c) and 6.1 GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Data Protection Complaint | Personal data contained in a condition report disclosed to other occupants of third party properties | Infringement of Article 5.1(a) GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Data Protection Complaint | Installation of CCTV cameras at an establishment without affixing proper signage | Infringement of Articles 13 and 5.1 GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Data Protection Complaint | CCTV camera capturing public spaces | Infringement of Articles 5.1(c) and 6.1 GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Data Protection Complaint | Processing of personal data without the consent of the data subject | Infringement of Articles 5.1(a) and 6.1 GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | |
| 2020 | Personal Data Breach | Unauthorized disclosure of personal data to a third party | Infringement of Article 5.1(f) GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Hacking attack attempting to access online users', by making use of usernames and passwords originating from a third-party database | Infringement of Article 5. (f) GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Hacking attack attempting to access online users', by making use of usernames and passwords originating from a third-party database | Infringement of Article 5 (f) | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Hacking attack using bots attempting to login into users' account | Controller has sufficient and appropriate technical and organisational measures in place | Nil | No |
| 2020 | Personal Data Breach | Former employee processed the controller's data for own purposes | Infringement of Article 32.1(b) GDPR | Reprimand and instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Unauthorized disclosure of the complainant's confidential data to an external client | Infringement of Articles 5.1(f) and 32.1(b) GDPR | Administrative fine of €5,000, in terms of Article 58.2 (i) GDPR | No |
| 2020 | Personal Data Breach | Accidental loss of personal data when a box of documents which contained employment filled-in forms went missing | Infringement of Article 32.1(b) GDPR | Administrative fine of €2,500 and orders, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Disclosure of personal email addresses to all the recipients of the email | Infringement of Article 32.1(b) GDPR | Administrative fine of €2,500, in terms of Article 58.2 (i) GDPR | No |
| 2020 | Personal Data Breach | A third party gained unauthorized access to an account held by another individual | Infringement of Article 32.1(b) GDPR | Administrative fine of €2,000, in terms of Article 58.2 (i) GDPR | No |
| 2020 | Personal Data Breach | Unauthorized disclosure of personal data to third parties | Infringement of Article 5.1(f) GDPR | Reprimand and warning, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Personal data was erroneously disclosed to an unintended recipient | The remedial action taken by the data controller has mitigated the posed risk | Instructions, in terms of Article 58.2 GDPR | No |
| 2020 | Personal Data Breach | Disclosure of personal email addresses to all the recipients of the email | Infringement of Articles 5.1(f) and 32.1(b) GDPR | Administrative fine of €2,500, in terms of Article 58.2 (i) GDPR | No |
| 2020 | Data Protection Complaint | Unsolicited sending of numerous direct marketing electronic communications without consent and right to object request ignored | Infringement of Articles 6,7 and 21 GDPR and regulation 9 of S.L 586.01 | Administrative fine of €15,000 and orders, in terms of Article 58.2 GDPR | Yes |
| 2020 | Personal Data Breach | Disclosure of personal email addresses to all the recipients of the email | Infringement of Article 5.1(a) GDPR | Reprimand and warning, in terms of Article 58.2 GDPR | No |
| 2020 | Data Protection Complaint | Personal data undergoing processing was partially provided following a right of access request. Privacy Policy not satisfying the transparency requirements | Infringement of Articles 13 and 15 GDPR | Administrative fine of €20,000, in terms of Article 83.2 GDPR | No |
| 2020 | Data Protection Complaint | Processing operations not in compliance with transparency requirements | Infringement of Article 13 GDPR | Reprimand and orders, in terms of Article 58.2 GDPR | |
| 2020 | Data Protection Complaint | Unsolicited sending of electronic direct marketing communication without consent, privacy policy not in compliance with transparency requirements and right of access request ignored | Infringement of Articles 13 and 15 GDPR and regulation 9 of S.L 586.01 | Administrative fine of €4,000 and orders, in terms of Article 58.2 GDPR | Yes |
| 2020 | Data Protection Complaint | Unauthorized disclosure of personal data related to health | Infringement of Article 9 GDPR | Reprimand and orders, in terms of Article 58.2 GDPR | |
| 2020 | Data Protection Complaint | Advertising showing complainant's mobile number | Infringement of Articles 5.1 and 6 GDPR | Administrative fine of € 3,000 and orders, in terms of Article 58.2 GDPR | |
| 2020 | Personal Data Breach | Unauthorised notification letter, with details of third parties printed on the back | Infringement of Articles 5.1(f) and 32.1(b) GDPR | Administrative fine of € 3,000, in terms of Article 58.2 GDPR | |