Bank Millennium S.A. – €78,000 Fine (Poland, 2021)

€78,000 · Urząd Ochrony Danych Osobowych · 14 October 2021 · Poland
Status: final
Type: Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Bank Millennium S.A. was fined EUR 78,000 for losing customer data sent through a courier service and failing to report the incident. The Polish data protection authority found that the bank didn't notify affected customers or the authority about the breach. This case highlights the importance of promptly reporting data breaches to protect customer privacy.

What happened

Bank Millennium lost customer data sent via courier and didn't report the breach to the authorities or notify affected customers.

Who was affected

Customers of Bank Millennium whose personal data, including names and account numbers, were lost in transit.

What the authority found

The Polish data protection authority ruled that Bank Millennium failed to report the data breach and notify customers, violating GDPR's requirements for breach notifications.

Why this matters

This case underscores the critical need for companies to have robust procedures for reporting data breaches. It serves as a reminder that timely notification to both authorities and affected individuals is essential under GDPR.

GDPR Articles Cited

Art. 33(1) GDPR
Art. 34(1) GDPR
Full Legal Summary

The Polish DPA (UODO) has imposed a fine of EUR 78,000 on Bank Millennium S.A. The UODO had become aware of a data protection breach following a complaint against the bank. It turned out that correspondence sent by the bank through a courier service, containing personal data such as first name, last name, PESEL number, home address, account numbers and identification numbers of customers, had been lost. In this regard, the UODO found that the bank had failed to report the incident to the DPA and to provide adequate notice to the data subjects.

Related Enforcement Actions (0)

No other enforcement actions found for Bank Millennium S.A. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

14 October 2021

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€78,000

Enforcement Tracker ID

ETid-901

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bank Millennium S.A - Poland (2021). Retrieved from cookiefines.eu
