Municipality – €6,700 Fine (Poland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Polish municipality was fined EUR 6,700 after a ransomware attack exposed its weak data protection measures. This is important because it shows that organizations must have strong security systems to protect personal data. Municipalities and other entities should regularly update their IT security to prevent such breaches.
What happened
A municipality in Poland suffered a ransomware attack due to inadequate security measures.
Who was affected
Residents whose personal data was stored in the municipality's IT system.
What the authority found
The Polish DPA found that the municipality failed to implement adequate security measures, allowing a ransomware attack to occur.
Why this matters
This case highlights the need for robust cybersecurity measures to protect personal data. Organizations should ensure their IT systems are secure to prevent data breaches.
GDPR Articles Cited
The Polish DPA has imposed a fine of EUR 6,700 on a municipality. The controller had reported a data breach to the DPA. During its investigation, the DPA found that the controller had suffered a ransomware attack, in which the attackers took advantage of a vulnerability present in the IT system. The DPA found that the controller had failed to install adequate technical and organizational measures to protect personal data, allowing such an attack to occur.
Related Enforcement Actions (1)
Other enforcement actions involving Municipality in PL
Details
Fine Date
16 May 2023
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€6,700
Enforcement Tracker ID
ETid-1929
About this data
Cite as: Cookie Fines. Municipality - Poland (2023). Retrieved from cookiefines.eu
Last updated: