Cyfrowy Polsat S.A. – €245,000 Fine (Poland, 2021)

€245,000Urząd Ochrony Danych Osobowych22 April 2021Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Poland's data protection authority fined Cyfrowy Polsat EUR 245,000 for failing to protect personal data. The company lost or misdelivered sensitive information through its courier service and delayed notifying affected individuals. This case stresses the importance of securing data and promptly informing people about breaches.

What happened

Cyfrowy Polsat was fined for losing or misdelivering personal data and delaying breach notifications.

Who was affected

Individuals whose personal data was lost or delivered to the wrong recipients by Cyfrowy Polsat.

What the authority found

The Polish DPA found that Cyfrowy Polsat failed to implement adequate security measures and delayed notifying affected individuals about data breaches.

Why this matters

This fine highlights the responsibility of companies to safeguard personal data and promptly inform individuals of breaches. Businesses should ensure their data protection measures are robust and timely.

GDPR Articles Cited

AI-verified

Art. 24(1) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 24(1) GDPR
Art. 32(1) GDPR
(2) GDPR
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 104 § 1 KPA
Art. 105 § 1 KPA
Art. 7 ust. 1 UODO
Art. 60 UODO
Art. 101 UODO
Art. 103 UODO
Source verified 6 March 2026
articles corrected
amount discrepancy
national law identified
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Cyfrowy Polsat S.A. actions
Full Legal Summary
Detailed

The Polish DPA (UODO) has fined Cyfrowy Polsat S.A. EUR 245,000. The fine was based on a large number of data breaches reported by the controller to the DPA. Frequently, postal correspondence containing personal data was lost or delivered to the wrong recipient. The DPA notes that although the data breaches were caused by the courier company contracted by the controller, the controller had to ensure that such breaches did not occur. The controller failed to implement technical and organizational measures appropriate to the risk to protect the processing of the data. Furthermore, the controller did not notify the data subjects about the data breaches until two to three months later.

Related Enforcement Actions (0)

No other enforcement actions found for Cyfrowy Polsat S.A. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

22 April 2021

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€245,000

Enforcement Tracker ID

ETid-681

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Cyfrowy Polsat S.A. - Poland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: