Decisions

Home | Decisions

Decisions issued by the Information and Data Protection Commissioner

YearTypeDescriptionDecisionCorrective ActionDecision Appealed
2020Data Protection ComplaintUnauthorized use of personal data leading to employment disciplinary proceedingsInfringement of Articles 5.1(c) and 6.1 GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Data Protection ComplaintPersonal data contained in a condition report disclosed to other occupants of third party properties Infringement of Article 5.1(a) GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Data Protection ComplaintInstallation of CCTV cameras at an establishment without affixing proper signageInfringement of Articles 13 and 5.1 GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Data Protection ComplaintCCTV camera capturing public spacesInfringement of Articles 5.1(c) and 6.1 GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Data Protection ComplaintProcessing of personal data without the consent of the data subjectInfringement of Articles 5.1(a) and 6.1 GDPRReprimand and instructions, in terms of Article 58.2 GDPR
2020Personal Data BreachUnauthorized disclosure of personal data to a third partyInfringement of Article 5.1(f) GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Personal Data BreachHacking attack attempting to access online users', by making use of usernames and passwords originating from a third-party databaseInfringement of Article 5. (f) GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Personal Data BreachHacking attack attempting to access online users', by making use of usernames and passwords originating from a third-party databaseInfringement of Article 5 (f)Reprimand and instructions, in terms of Article 58.2 GDPRNo
2020Personal Data BreachHacking attack using bots attempting to login into users' accountController has sufficient and appropriate technical and organisational measures in placeNilNo
2020Personal Data BreachFormer employee processed the controller's data for own purposesInfringement of Article 32.1(b) GDPRReprimand and instructions, in terms of Article 58.2 GDPRNo
2020Personal Data BreachUnauthorized disclosure of the complainant's confidential data to an external clientInfringement of Articles 5.1(f) and 32.1(b) GDPRAdministrative fine of €5,000, in terms of Article 58.2 (i) GDPRNo
2020Personal Data BreachAccidental loss of personal data when a box of documents which contained employment filled-in forms went missingInfringement of Article 32.1(b) GDPRAdministrative fine of €2,500 and orders, in terms of Article 58.2 GDPRNo
2020Personal Data BreachDisclosure of personal email addresses to all the recipients of the emailInfringement of Article 32.1(b) GDPRAdministrative fine of €2,500, in terms of Article 58.2 (i) GDPRNo
2020Personal Data BreachA third party gained unauthorized access to an account held by another individual Infringement of Article 32.1(b) GDPRAdministrative fine of €2,000, in terms of Article 58.2 (i) GDPRNo
2020Personal Data BreachUnauthorized disclosure of personal data to third partiesInfringement of Article 5.1(f) GDPRReprimand and warning, in terms of Article 58.2 GDPRNo
2020Personal Data BreachPersonal data was erroneously disclosed to an unintended recipientThe remedial action taken by the data controller has mitigated the posed riskInstructions, in terms of Article 58.2 GDPRNo
2020Personal Data BreachDisclosure of personal email addresses to all the recipients of the emailInfringement of Articles 5.1(f) and 32.1(b) GDPRAdministrative fine of €2,500, in terms of Article 58.2 (i) GDPRNo
2020Data Protection ComplaintUnsolicited sending of numerous direct marketing electronic communications without consent and right to object request ignoredInfringement of Articles 6,7 and 21 GDPR and regulation 9 of S.L 586.01Administrative fine of €15,000 and orders, in terms of Article 58.2 GDPRYes
2020Personal Data BreachDisclosure of personal email addresses to all the recipients of the emailInfringement of Article 5.1(a) GDPRReprimand and warning, in terms of Article 58.2 GDPRNo
2020Data Protection ComplaintPersonal data undergoing processing was partially provided following a right of access request. Privacy Policy not satisfying the transparency requirementsInfringement of Articles 13 and 15 GDPRAdministrative fine of €20,000, in terms of Article 83.2 GDPRNo
2020Data Protection ComplaintProcessing operations not in compliance with transparency requirementsInfringement of Article 13 GDPRReprimand and orders, in terms of Article 58.2 GDPR
2020Data Protection ComplaintUnsolicited sending of electronic direct marketing communication without consent, privacy policy not in compliance with transparency requirements and right of access request ignoredInfringement of Articles 13 and 15 GDPR and regulation 9 of S.L 586.01Administrative fine of €4,000 and orders, in terms of Article 58.2 GDPRYes
2020Data Protection ComplaintUnauthorized disclosure of personal data related to healthInfringement of Article 9 GDPRReprimand and orders, in terms of Article 58.2 GDPRYes
2020Data Protection ComplaintAdvertising showing complainant's mobile numberInfringement of Articles 5.1 and 6 GDPRAdministrative fine of € 3,000 and orders, in terms of Article 58.2 GDPR
2020Personal Data BreachUnauthorised notification letter, with details of third parties printed on the backInfringement of Articles 5.1(f) and 32.1(b) GDPRAdministrative fine of € 3,000, in terms of Article 58.2 GDPR
2020Data Protection ComplaintController failed to provide information following a right of access request and failed to inform the data subject about a restrictionInfringement of Articles 12.3 and 15.3 GDPR, and regulation 4(e) of S.L. 586.09Administrative fine of € 5,000 and orders, in terms of Article 58.2 GDPR.
2020Data Protection ComplaintCCTV camera capturing communal areaInfringement of Articles 5.1(c) and 6.1 GDPRInstructions, in terms of Article 58.2 GDPR
Skip to content