Unknown – €358,000 Fine (Poland, 2024)

€358,000

Urząd Ochrony Danych Osobowych

20 November 2024

Poland

final

Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Polish DPA has imposed a fine of EUR 358,000 on a company. The company had inadvertently published customer data (first name, last name, email address, home address, encrypted passwords) in the process of redesigning its website. The incident affected approximately 20,000 data subjects. The DPA found that the controller had not sufficiently ensured the security of personal data during the process, for example, by conducting regular tests and risk assessments. Instead, it relied on information provided by the hired subcontractor without proper oversight.

GDPR Articles Cited

AI-verified

View original scraped data

Art. 5(1)(f) GDPR

Art. 5(2) GDPR

Art. 25(1) GDPR

Art. 28(1) GDPR

Art. 32(1) GDPR

(2) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 104 § 1 Kodeks postępowania administracyjnego

Art. 7 ust. 1 i 2 ustawy o ochronie danych osobowych

Art. 60 ustawy o ochronie danych osobowych

Art. 101 ustawy o ochronie danych osobowych

Art. 103 ustawy o ochronie danych osobowych

Entities Involved

€1,527,855

(controller)

X(processor)

Source verified 6 March 2026

amount discrepancy

entity split needed

national law identified

Poland enforcement Urząd Ochrony Danych Osobowych actions All Unknown actions

Full Legal Summary

Related Enforcement Actions (8)

Other enforcement actions involving Unknown in PL

Fine

Jan 2021· Urząd Ochrony Danych Osobowych

The Polish DPA (UODO) imposed a fine of EUR 19,000 on a hospital operator. A former employee had unlawfully copied the personal data of 100 patients f...

€19K

Fine

Mar 2022· Urząd Ochrony Danych Osobowych

The Polish DPA (UODO) has fined a data controller EUR 490 for failing to provide information requested by the DPA during an investigation.

€490

Fine

Aug 2022· Urząd Ochrony Danych Osobowych

The Polish DPA (UODO) has fined a data controller EUR 1,450 for failing to provide information requested by the DPA during an investigation.

€1K

Fine

Aug 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 13,000 for failing to provide information requested by the DPA during an investigation.

€13K

Fine

Nov 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 3,200 for failing to provide information requested by the DPA during an investigation.

€3K

Fine

Oct 2024· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 5,800 on a data controller. The controller failed to appoint a data protection officer and to provide the DPA...

€6K

Fine

Nov 2024· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 4,700 on a subcontractor that was contracted to redesign the website of another company. This fine is linked ...

€5K

Current

Nov 2024

Fine

€358K

Fine

Sept 2025· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 2,670 on an unkonwn company in the health care sector. The controller appointed its CEO as the DPO.

€3K

Details

Fine Date

20 November 2024

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€358,000

Enforcement Tracker ID

ETid-2491

Sources

About this data

Data: CMS GDPR Enforcement Tracker

Licensed under CC BY-NC-SA 4.0

AI-verified and classified

Cite as: Cookie Fines. Unknown - Poland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: 6 March 2026