Śląski Uniwersytet Medyczny (Medical University of Silesia) – €5,500 Fine (Poland, 2021)

€5,500Urząd Ochrony Danych Osobowych5 January 2021Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Medical University of Silesia was fined EUR 5,500 for failing to secure students' personal data during online exams. Exam recordings were accessible to unauthorized individuals, and the university didn't report the breach or notify affected students. This case emphasizes the need for educational institutions to protect student data and promptly report breaches.

What happened

The Medical University of Silesia failed to secure exam recordings, making them accessible to unauthorized people.

Who was affected

Students whose personal data and exam recordings were exposed during online exams.

What the authority found

The Polish data protection authority found that the university failed to report a data breach and notify affected students, violating GDPR requirements.

Why this matters

This case highlights the importance of securing personal data during online activities and the obligation to report breaches. Educational institutions should ensure robust data protection measures and be prepared to act swiftly in case of a breach.

GDPR Articles Cited

Art. 33(1) GDPR
Art. 34(1) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Śląski Uniwersytet Medyczny (Medical University of Silesia) actions
Full Legal Summary
Detailed

The Polish DPA (UODO) imposed a fine of PLN 25,000 (EUR 5,500) on the Medical University of Silesia. In the course of exams held in the form of videoconferences at the end of May 2020, identification of students took place. Once the exam was completed, the recordings of the exams were available not only to the examinees, but also to other people with access to the system. In addition, any outsider could access the records of the examinations and the data of the examined students presented during identification via a direct link. The University failed to report the data breach to the DPA and notify the data subjects.

Related Enforcement Actions (0)

No other enforcement actions found for Śląski Uniwersytet Medyczny (Medical University of Silesia) in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

5 January 2021

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€5,500

Enforcement Tracker ID

ETid-527

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Śląski Uniwersytet Medyczny (Medical University of Silesia) - Poland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: