Mayor of Aleksandrów Kujawski – €9,200 Fine (Poland, 2019)

€9,200Urząd Ochrony Danych Osobowych18 October 2019Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Mayor's office in Aleksandrów Kujawski was fined for outsourcing data processing without proper agreements and failing to secure personal data. This case shows that local governments must follow strict data protection rules and secure personal information. It's crucial for public offices to have clear contracts and data protection measures.

What happened

The Mayor's office outsourced data processing without legal agreements and failed to secure personal data properly.

Who was affected

Citizens whose personal data was processed by the Mayor's office and potentially exposed due to inadequate safeguards.

What the authority found

The Polish data protection authority fined the Mayor's office for lacking legal agreements with service providers and failing to protect personal data.

Why this matters

This ruling emphasizes the importance of formal agreements and robust data protection measures in public offices. It serves as a reminder for all organizations to secure personal data and comply with legal requirements.

GDPR Articles Cited

Art. 5(1)(a) GDPR
Art. 5(1)(e) GDPR
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Mayor of Aleksandrów Kujawski actions
Full Legal Summary
Detailed

From 28 January - 1 February 2019, the UODO conducted investigation regarding the compliance of processing operations with the GDPR at the Municipal Office of the Mayor of Aleksandrów Kujawski. The UODO found that the local government did not comply with the GDPR because of three main infringements. First, the Municipal Office was outsourcing the processing of citizens’ personal data to a third party without any legal basis. Indeed, the city did not conclude any contractual agreements with the software service provider as foreseen under Art 28(3) GDPR. The UODO found that the local government violated Article 5(1)(a) and (f) of the GDPR. Secondly, the personal data collected were stored without any criteria to determine the retention period. Therefore, the UODO found that this processing violated Article 5(1)(e) of the GDPR. Lastly, the local government did not implement sufficient safeguards to secure a video recording from its Council’s meeting, nor conducted the necessary risk assessment. Therefore, the UODO found that the local government violated Article 5 (1)(f) and (2) of the GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for Mayor of Aleksandrów Kujawski in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

18 October 2019

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€9,200

40,000 PLN

GDPRhub ID

gdprhub-1538

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Mayor of Aleksandrów Kujawski - Poland (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: