University fined due to lack of appropriate TOMs

  • Author: Wolfgang von Sandersleben, DP-Dock GmbH
  • Last updated: January 2024
  • Category: Data Security, Enforcement

The technical aspect of data protection is often overlooked by Data Controllers, who tend to focus on the legal aspects of the issue and fail to adopt a holistic approach to privacy.

Such was the case of the Open University of Cyprus, which was fined €45,000 after failing to protect the personal data of active students, alumni and university contractors from a hacker attack. The hackers threatened to release the personal data of these data subjects on the dark web unless the University paid them a ransom of €100,000.

Lack of appropriate security measures was cited by the Commissioner for Personal Data Protection as the reason for the attack and the subsequent fine, while instructions for the appointment of a security systems followed. The importance of the implementation of appropriate technical and organizational measures was further underlined, since it is closely intertwined with the principle of accountability of Art. 5 (2) GDPR according to the Commissioner.

We, at DP-Dock, are ready to help our clients approach both the legal and the technical aspects of data protection and offer our assistance in a way that fits the needs of your business.

For more information please follow the link.
