Santander Bank Polska S. A. – €117,000 Fine (Poland, 2022)

€117,000Urząd Ochrony Danych Osobowych19 January 2022Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Santander Bank Polska was fined for not telling customers about a data breach. A former employee accessed customer data without permission, and the bank didn't inform those affected. This case highlights the importance of notifying people when their data is at risk.

What happened

Santander Bank Polska failed to notify customers about a data breach caused by unauthorized access by a former employee.

Who was affected

Santander customers whose personal data was accessed without permission were affected.

What the authority found

The Polish DPA fined the bank for not informing customers about the breach, which is required when there's a high risk to their data.

Why this matters

This case emphasizes the need for companies to promptly inform customers about data breaches. It serves as a reminder that failing to do so can lead to significant fines and damage to trust.

GDPR Articles Cited

AI-verified

Art. 34(1) GDPR
View original scraped data
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
amount discrepancy
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Santander Bank Polska S. A. actions
Full Legal Summary
Detailed

The Polish DPA has fined Santander Bank Polska S.A. EUR 118,000 for failing to notify data subjects of a data breach. A former employee of the bank managed to gain unauthorized access to a database for electronic services. Among other things, this allowed numerous Santander customers' data to be accessed. Due to the high risk for the data of the data subjects, the bank would have been obliged to inform them of the data breach. However, the bank deliberately refrained from doing so and continued to state that it would not comply with this obligation in the future. The DPA noted that this constituted a major intrusion for the data subjects, as they did not have the opportunity to take appropriate steps to protect their rights.

Related Enforcement Actions (0)

No other enforcement actions found for Santander Bank Polska S. A. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

19 January 2022

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€117,000

Enforcement Tracker ID

ETid-1085

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Santander Bank Polska S. A. - Poland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: