Company – €336,000 Fine (Poland, 2024)

€336,000Urząd Ochrony Danych Osobowych20 May 2024Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Polish DPA has imposed a fine of EUR 336,000 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss of personal data. During its investigation the DPA found that the company had failed to install adequate technical and organizational measures to protect personal data, allowing such an attack to occur.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 32(1) GDPR
(2) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 104 § 1 Kodeks postępowania administracyjnego
Art. 7 ust. 1 i 2 ustawy z dnia 10 maja 2018 r.
Art. 60 ustawy z dnia 10 maja 2018 r.
Art. 90 ustawy z dnia 10 maja 2018 r.
Art. 101 ustawy z dnia 10 maja 2018 r.
Art. 103 ustawy z dnia 10 maja 2018 r.
Source verified 6 March 2026
articles corrected
amount discrepancy
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Company actions
Full Legal Summary

The Polish DPA has imposed a fine of EUR 336,000 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss of personal data. During its investigation the DPA found that the company had failed to install adequate technical and organizational measures to protect personal data, allowing such an attack to occur.

Related Enforcement Actions (8)

Other enforcement actions involving Company in PL

Fine
Dec 2022· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a company EUR 6,300 for failing to provide information requested by the DPA during an investigation.

€6K
Fine
Feb 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 7,200 on a company. The controller had suffered a data breach that resulted in the loss of personal data. Dur...

€7K
Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 10,600 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss...

€11K
Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 2,300 for failing to provide information requested by the DPA during an investigation.

€2K
Fine
Jun 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 4,300 for failing to provide information requested by the DPA during an investigation.

€4K
Fine
Jul 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 3,400 on a company. The controller had reported a data breach to the DPA. The company car of a senior employe...

€3K
Fine
Dec 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 5,500 for failing to sufficiently cooperate with the DPA during an investigation.

€6K
Current
May 2024

Fine

€336K

Fine
Dec 2024· Urząd Ochrony Danych Osobowych

The Polish DPA fined a company in the banking sector EUR 135,600. The DPA inspected the fined company and found several violations of the GDPR. First,...

€136K

Details

Fine Date

20 May 2024

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€336,000

Enforcement Tracker ID

ETid-2428

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Poland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: