IDPC - Lands Authority Personal Data Breach

20 February 2019

The Commissioner has today issued his decision to the Lands Authority after concluding the investigation of the data breach, that was brought to his attention by the Times of Malta on 23rd November 2018.  The findings of the investigation established that the online application platform available on the Authority’s portal lacked the necessary technical and organisational measures to ensure the security of processing.  The Lands Authority was found to have infringed the provisions of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act (CAP. 586), was served with an administrative fine of €5,000. The level of the fine was reached after the Commissioner took into account the circumstances set out under Article 83.2 of the GDPR.

The temporary ban imposed on the Authority’s portal has been lifted.

The Lands Authority offered their full and unrestricted collaboration to the Commissioner during the course of the entire investigation.    

You can read the original press release here

For further information, please contact the Maltese Supervisory Authority: idpc.info@idpc.org.mt

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA's website or other channels of communication, the news item is only available in English or in the Member State's official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.