Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. – €35,300 Fine (Poland, 2021)

€35,300Urząd Ochrony Danych Osobowych21 June 2021Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Polish insurance company, ERGO Hestia, was fined over EUR 35,000 for accidentally emailing a customer's personal data to the wrong person and failing to report the breach quickly. This case shows that companies must act fast to report data breaches and protect customer information.

What happened

ERGO Hestia sent an email containing a customer's personal data to the wrong recipient and did not report the breach promptly.

Who was affected

The affected individuals were customers whose personal data, including names and insurance details, were mistakenly shared.

What the authority found

The Polish DPA fined ERGO Hestia for not notifying the data breach to the authorities and affected individuals within the required 72-hour window.

Why this matters

This fine highlights the critical importance of promptly reporting data breaches to authorities and affected individuals. Companies should ensure they have processes in place to quickly handle and report any data breaches to avoid penalties.

GDPR Articles Cited

Art. 33(1) GDPR
Art. 34(1) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. actions
Full Legal Summary
Detailed

The controller had sent an email to that contained personal data of a customer to the wrong recipient. The leaked data included data such as the name, postal address of the data subject and insurance details. In this context the controller had not informed either the Polish DPA nor the data subjects about the data breach in a timely manner within 72 hours.

Related Enforcement Actions (0)

No other enforcement actions found for Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 June 2021

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€35,300

Enforcement Tracker ID

ETid-741

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. - Poland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: