ID Finance Poland Sp. z o.o. – €235,300 Fine (Poland, 2020)

€235,300Urząd Ochrony Danych Osobowych17 December 2020Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ID Finance Poland was fined over EUR 235,000 because a server error exposed personal data of nearly 141,000 customers. This breach highlights the importance of having strong security measures to protect customer information. Businesses must ensure their systems are secure to avoid similar penalties.

What happened

ID Finance Poland's server settings were reset, exposing personal data of 140,699 customers.

Who was affected

Customers whose personal information, like names and addresses, was made publicly available.

What the authority found

The Polish DPA found that ID Finance Poland failed to implement adequate security measures, violating GDPR's data protection rules.

Why this matters

This case underscores the need for companies to maintain robust security protocols to protect customer data. It serves as a reminder that technical errors can lead to significant fines and data breaches.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 32(1)(b) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 32(1)(b) GDPR
d)
(2) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 104 § 1 Kodeks postępowania administracyjnego
Art. 105 § 1 Kodeks postępowania administracyjnego
Art. 7 ust. 1 ustawy o ochronie danych osobowych
Art. 60 ustawy o ochronie danych osobowych
Art. 101 ustawy o ochronie danych osobowych
Art. 103 ustawy o ochronie danych osobowych
Source verified 6 March 2026
national law identified
amount discrepancy
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll ID Finance Poland Sp. z o.o. actions
Full Legal Summary
Detailed

The Polish DPA (UODO) imposed a fine of EUR 235,300 on ID Finance Poland Sp. z o.o. Due to an error while restarting a server, the settings of the software responsible for the server's security were reset, making the personal data of 140 699 customers publicly available. These data contained, for example, information about the first and last name, address, nationality or even marital status of the data subjects. The database located on this server was downloaded and deleted by an unspecified third party, who demanded a fee from the company for the return of the database. The DPA noted that the controller had taken insufficient technical and organizational measures to ensure the protection of the processing, even though there was a high risk for the data subjects due to the nature of the data processed.

Related Enforcement Actions (0)

No other enforcement actions found for ID Finance Poland Sp. z o.o. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 December 2020

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€235,300

Enforcement Tracker ID

ETid-509

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ID Finance Poland Sp. z o.o. - Poland (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: