Warsaw University of Technology – €10,000 Fine (Poland, 2021)

€10,000Urząd Ochrony Danych Osobowych9 December 2021Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Warsaw University of Technology was fined EUR 10,000 after a data breach exposed personal information of over 5,000 students and faculty. The breach occurred because the university didn't have proper security measures or conduct a risk assessment. This case emphasizes the need for educational institutions to safeguard personal data with strong security practices.

What happened

A data breach at Warsaw University of Technology exposed personal data due to inadequate security measures.

Who was affected

Students and faculty members whose personal data was stored in the university's application were affected.

What the authority found

The Polish Data Protection Authority found the university lacked proper security measures and had not conducted a risk assessment.

Why this matters

This incident highlights the critical importance of implementing robust security measures and conducting regular risk assessments to protect personal data in educational institutions.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Warsaw University of Technology actions
Full Legal Summary
Detailed

The Polish DPA (UODO) has fined Warsaw University of Technology EUR 10,000. The university had reported a data breach to the authority pursuant to Art. 33 GDPR. One of the university's organizational units used an application created by university staff to register for courses and access teaching history, assessment of exam results and billing of fees. In early January 2020, an unauthorized person had downloaded a database from the application that contained personal data of students and faculty (over 5,000 individuals). In its investigation, the DPA found that the Unvierstät had failed to implement appropriate technical and organizational measures that ensured the security of personal data . The DPA also found that the university had not conducted a formal risk assessment.

Related Enforcement Actions (0)

No other enforcement actions found for Warsaw University of Technology in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

9 December 2021

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€10,000

Enforcement Tracker ID

ETid-984

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Warsaw University of Technology - Poland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: