TUiR Warta S.A. – €18,850 Fine (Poland, 2020)

€18,850Urząd Ochrony Danych Osobowych9 December 2020Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

TUiR Warta S.A. was fined for not reporting a data breach where an agent accidentally sent customer information to the wrong email addresses. The company failed to notify the authorities and affected customers within the required 72-hour window. This case underscores the importance of timely breach notifications.

What happened

An insurance agent sent customer data to incorrect email addresses, and TUiR Warta S.A. did not report the breach in time.

Who was affected

Two customers whose personal data, including names and addresses, were mistakenly emailed to unauthorized parties.

What the authority found

The Polish DPA fined TUiR Warta S.A. for failing to notify both the authority and the affected customers about the data breach within 72 hours.

Why this matters

This case highlights the critical need for companies to promptly report data breaches, regardless of how they occur. It serves as a reminder that companies must have robust procedures to handle such incidents swiftly.

GDPR Articles Cited

Art. 33(1) GDPR
Art. 34(1) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll TUiR Warta S.A. actions
Full Legal Summary
Detailed

An insurance agent hired by the controller had sent an email to unauthorized third parties in regard to insurance policies that contained personal data of two of the company's customers after they had mistakenly provided false email addresses. The leaked data included data such as the names, email adresses and postal addresses of the data subjects. The controller had not informed either the Polish DPA nor the data subjects about the data breach in a timely manner within 72 hours. The controller believed that there was no breach requiring notification because the data subjects themselves had mistakenly provided incorrect e-mail addresses. The Polish DPA states that this circumstance does not release the controller from its obligation to report this data breach in a timely manner.

Related Enforcement Actions (0)

No other enforcement actions found for TUiR Warta S.A. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

9 December 2020

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€18,850

Enforcement Tracker ID

ETid-510

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. TUiR Warta S.A. - Poland (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: