Municipality – €2,200 Fine (Poland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Polish municipality was fined €2,200 after an employee copied personal data onto an unauthorized device. The investigation revealed that the municipality lacked proper security measures to prevent such data breaches. This highlights the need for strong data protection practices in public institutions.
What happened
An employee of a municipality copied personal data from a company computer onto an unauthorized data carrier.
Who was affected
Individuals whose personal data was stored on the municipality's systems.
What the authority found
The Polish DPA found that the municipality failed to implement adequate security measures to protect personal data, violating GDPR requirements.
Why this matters
This case emphasizes the importance of implementing robust security measures to prevent unauthorized access to personal data. Public bodies must ensure they have effective data protection strategies to avoid breaches and fines.
GDPR Articles Cited
The Polish DPA has imposed a fine of EUR 2,200 on a municipality. The controller had reported a data breach to the DPA. An employee had unauthorizedly copied a document containing personal data from a company computer onto an unauthorized data carrier. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such unauthorized copying and to protect personal data.
Related Enforcement Actions (1)
Other enforcement actions involving Municipality in PL
Details
Fine Date
5 May 2023
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€2,200
Enforcement Tracker ID
ETid-1908
About this data
Cite as: Cookie Fines. Municipality - Poland (2023). Retrieved from cookiefines.eu
Last updated: