PIKA Sp. z o.o. – €53,000 Fine (Poland, 2022)

€53,000 | Urząd Ochrony Danych Osobowych | 19 January 2022 | Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

PIKA Sp. z o.o. was fined EUR 53,000 by the Polish DPA for its role in a data breach involving Fortum's customer data. PIKA failed to secure the data properly during system changes, leading to unauthorized access. This case highlights the importance of data security for companies handling sensitive information.

What happened

PIKA allowed unauthorized access to customer data by failing to secure it during system updates.

Who was affected

Customers whose data was compromised due to PIKA's insufficient security measures.

What the authority found

The Polish DPA concluded that PIKA did not take appropriate technical and organizational measures to protect personal data.

Why this matters

This case emphasizes that companies acting as service providers must ensure strong data protection practices. It serves as a reminder that inadequate security can result in fines and reputational damage.

GDPR Articles Cited

Art. 28(3)(c) GDPR
Art. 32(1) GDPR

Full Legal Summary

The Polish DPA has fined PIKA Sp. z o.o. in the amount of EUR 53,000. The fine is related to a fine imposed on Fortum Marketing and Sales Polska S.A. PIKA was acting as a processor for Fortum. During its investigation, the DPA found that unauthorized persons had managed to access and siphon off customer data. The data breach occurred when PIKA introduced a change in the company's IT environment. As part of this change, an additional Fortum customer database was created. However, the server on which the database was stored did not have sufficient security measures, which is why the unauthorized persons were able to access the data. The DPA also found that PIKA had failed to pseudonymize and encrypt the data. In addition, PIKA had used real customer data rather than test data to test the system changes. For this reason, the DPA concluded that PIKA had failed to take appropriate technical and organizational measures to ensure the protection of personal data.

Related Enforcement Actions (0)

No other enforcement actions found for PIKA Sp. z o.o. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

19 January 2022

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€53,000

Enforcement Tracker ID

ETid-1105

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. PIKA Sp. z o.o. - Poland (2022). Retrieved from cookiefines.eu
