Fundację Lumus – €5,220 Fine (Poland, 2026)

€5,220Urząd Ochrony Danych Osobowych10 February 2026Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Fundację Lumus was fined EUR 5,220 for mishandling a personal data breach by not redacting a document before sharing it. This is important because it emphasizes the need for organizations to properly protect sensitive information and notify authorities promptly when breaches occur.

What happened

Fundację Lumus forwarded a document containing personal data without redacting it and failed to notify the DPA about the breach.

Who was affected

Individuals whose personal data was included in the unredacted document shared by Fundację Lumus.

What the authority found

The Polish DPA ruled that Fundację Lumus did not adequately notify them of a personal data breach, violating GDPR notification requirements.

Why this matters

This ruling serves as a reminder for organizations to have strong data protection practices and to act quickly in the event of a breach to avoid fines.

GDPR Articles Cited

AI-verified

Art. 33(1) GDPR
Art. 34(1) GDPR
Art. 37(7) GDPR
Art. 38(6) GDPR
View original scraped data
Art. 33(1) GDPR
Art. 34(1) GDPR
Art. 37(7) GDPR
Art. 38(6) GDPR

Original data from scraper before AI verification against source document.

Source verified 25 March 2026
national law identified
amount discrepancy
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Fundację Lumus actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR on Fundację Lumus. The controller suffered a personal data breach as a result of forwarding a document without prior redaction and failed to adequately notify the DPA. In addition, the controller appointed a member of its board as DPO, who later became its president, thereby giving rise to a conflict of interest. The controller also failed to notify the DPA of the designation of the DPO.

Related Enforcement Actions (0)

No other enforcement actions found for Fundację Lumus in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 February 2026

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€5,220

Enforcement Tracker ID

ETid-3064

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Fundację Lumus - Poland (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: