The Lands Authority lacked the right security measures and infringed GDPR rules, the Data Commissioner, has concluded.
The GDPR Commissioner has said that the authority’s online portal, ‘lacked the necessary technical and organisational measures to ensure the security of processing’.
They also state that the authority had ‘infringed the provisions of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act (CAP. 586),’.
This decision from the Data Commissioner comes after an investigation from the online data breach from the Lands Authority, which took place on 23rd of November 2018.
The breach saw the dumping of considerable amounts of information and data from clients of the organization.
The GDPR commissioner has placed an administrative fine of €5,000, decided through the grounds of Article 83.2 of the GDPR.
The ban on the Authority’s portal has also been lifted.