Company – €7,200 Fine (Poland, 2023)

€7,200Urząd Ochrony Danych Osobowych8 February 2023Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Polish company was fined €7,200 for not securing personal data properly, leading to a data breach. The Polish data protection authority found the company didn't have enough safeguards in place and didn't check if their service provider could protect the data. This case highlights the importance of having strong security measures and checking partners' data protection capabilities.

What happened

A company in Poland suffered a data breach due to inadequate security measures.

Who was affected

Individuals whose personal data was lost in the data breach.

What the authority found

The Polish data protection authority found the company failed to implement proper security measures, violating GDPR's requirements for data protection and accountability.

Why this matters

This case underscores the need for businesses to ensure robust data protection practices and to verify that their service providers can adequately protect personal data. It serves as a reminder that failing to secure personal data can lead to regulatory fines.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Company actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 7,200 on a company. The controller had suffered a data breach that resulted in the loss of personal data. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data, which facilitated the data breach. The controller had failed to conduct certain risk analyses, for example. In addition, the DPA found that the controller failed to review its processor and ensure that it provided sufficient guarantees to protect personal data.

Related Enforcement Actions (8)

Other enforcement actions involving Company in PL

Fine
Dec 2022· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a company EUR 6,300 for failing to provide information requested by the DPA during an investigation.

€6K
Current
Feb 2023

Fine

€7K

Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 10,600 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss...

€11K
Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 2,300 for failing to provide information requested by the DPA during an investigation.

€2K
Fine
Jun 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 4,300 for failing to provide information requested by the DPA during an investigation.

€4K
Fine
Jul 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 3,400 on a company. The controller had reported a data breach to the DPA. The company car of a senior employe...

€3K
Fine
Dec 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 5,500 for failing to sufficiently cooperate with the DPA during an investigation.

€6K
Fine
May 2024· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 336,000 on a company. The company had suffered a ransomware attack on their systems which resulted in the los...

€336K
Fine
Dec 2024· Urząd Ochrony Danych Osobowych

The Polish DPA fined a company in the banking sector EUR 135,600. The DPA inspected the fined company and found several violations of the GDPR. First,...

€136K

Details

Fine Date

8 February 2023

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€7,200

Enforcement Tracker ID

ETid-1808

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Poland (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: