Enea S.A. – €30,000 Fine (Poland, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Polish data protection authority fined Enea S.A. EUR 30,000 for not reporting a data breach. An employee accidentally sent an email with personal data of hundreds of people without protection. This case shows how crucial it is to report data breaches promptly to avoid penalties.
What happened
Enea S.A. failed to report a data breach involving an unprotected email containing personal data.
Who was affected
Individuals whose personal data was accidentally shared in an unprotected email.
What the authority found
The authority decided that Enea S.A. violated GDPR by not reporting the data breach as required.
Why this matters
This fine emphasizes the importance of promptly reporting data breaches to authorities. Companies should have clear procedures for handling and reporting such incidents to comply with GDPR.
GDPR Articles Cited
The Polish DPA (UODO) fined Enea S.A. EUR 30,000 for the controller's failure to report a personal data breach, in violation of Art. 33 (1) GDPR. The DPA received information about a personal data breach from a person who had become an unauthorized recipient of personal data. The breach consisted of sending an email with an unencrypted, non-password protected attachment that contained personal data of several hundred individuals. The sender of the email was an employee of the sanctioned controller.
Related Enforcement Actions (0)
No other enforcement actions found for Enea S.A. in PL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
11 January 2021
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€30,000
Enforcement Tracker ID
ETid-584
About this data
Cite as: Cookie Fines. Enea S.A. - Poland (2021). Retrieved from cookiefines.eu
Last updated: