Company – €10,600 Fine (Poland, 2023)

€10,600 | Urząd Ochrony Danych Osobowych | 31 May 2023 | Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Polish company was fined EUR 10,600 after a ransomware attack exposed personal data. The company didn't have strong enough security measures and failed to quickly inform authorities and affected individuals. This case highlights the importance of having good data protection practices and quick response plans.

What happened

A company suffered a ransomware attack that led to personal data loss and failed to report the incident promptly.

Who was affected

Individuals whose personal data was compromised in the ransomware attack.

What the authority found

The Polish DPA found that the company lacked adequate security measures and failed to notify the breach in a timely manner, violating GDPR requirements.

Why this matters

This case underscores the need for businesses to implement strong security measures and have clear plans for notifying authorities and individuals in case of data breaches. It serves as a reminder that failing to protect data can lead to significant penalties.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR
Art. 34(1) GDPR

Full Legal Summary

The Polish DPA has imposed a fine of EUR 10,600 on a company. The company had suffered a ransomware attack on its systems, which resulted in the loss of personal data. During its investigation, the DPA found that the company had failed to implement adequate technical and organizational measures to protect personal data, allowing such an attack to occur. Furthermore, the controller failed to inform the DPA and the data subject of the incident in a timely manner.

Details

Fine Date: 31 May 2023
Authority: Urząd Ochrony Danych Osobowych
Fine Amount: €10,600
Enforcement Tracker ID: ETid-1961

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Poland (2023). Retrieved from cookiefines.eu
