Company – €336,000 Fine (Poland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Polish company was fined EUR 336,000 after a ransomware attack exposed personal data. The investigation revealed that the company did not have proper security measures in place to protect this data. This case highlights the importance of strong cybersecurity practices for businesses handling personal information.
What happened
The Polish DPA fined a company for failing to implement adequate security measures, leading to a ransomware attack that compromised personal data.
Who was affected
Employees and customers of the company whose personal data was exposed during the ransomware attack.
What the authority found
The DPA found that the company did not take sufficient technical and organizational steps to protect personal data, violating GDPR requirements.
Why this matters
This ruling emphasizes that companies must prioritize cybersecurity to protect personal data. It serves as a warning that inadequate security can lead to significant financial penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Polish DPA has imposed a fine of EUR 336,000 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss of personal data. During its investigation the DPA found that the company had failed to install adequate technical and organizational measures to protect personal data, allowing such an attack to occur.
Related Enforcement Actions (11)
Other enforcement actions involving Company in PL
Fine
€336K
Details
Fine Date
20 May 2024
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€336,000
Enforcement Tracker ID
ETid-2428
About this data
Cite as: Cookie Fines. Company - Poland (2024). Retrieved from cookiefines.eu
Last updated: