Poczta Polska SA (Polish Post) – €6,300,000 Fine (Poland, 2025)

€6,300,000Urząd Ochrony Danych Osobowych17 March 2025Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Poczta Polska SA was fined €6.3 million for sharing personal data of over 30 million people without proper legal authority. This data was linked to a planned postal vote during the Covid-19 pandemic. The ruling highlights the importance of following data protection rules when handling sensitive information.

What happened

Poczta Polska SA unlawfully disclosed personal data from the PESEL database of over 30 million citizens.

Who was affected

Citizens of Poland whose personal data, including names and addresses, was shared without consent.

What the authority found

The Polish DPA found that Poczta Polska had no valid legal basis for processing this personal data, violating GDPR requirements.

Why this matters

This case underscores the need for companies to ensure they have proper legal authority before sharing personal data. It serves as a warning to other organizations about the consequences of mishandling sensitive information.

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
amount discrepancy
entity split needed
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Poczta Polska SA (Polish Post) actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 6.3 million on Poczta Polska SA (Polish Post) for the unlawful disclosure of personal data of over 30 million citizens from the PESEL database, in connection with the planned postal vote during the Covid-19 pandemic. Although the law amending the electoral regulations had not yet come into effect, the Ministry of Digital Affairs transferred sensitive data such as names, addresses, and PESEL numbers to the postal company. The data was only deleted weeks later—too late, according to the DPA, and in violation of data protection regulations.

Related Enforcement Actions (1)

Other enforcement actions involving Poczta Polska SA (Polish Post) in PL

Fine
Mar 2025· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 6.3 million on Poczta Polska SA (Polish Post) for the unlawful disclosure of personal data of over 30 million...

Current
Mar 2025

Fine

€6.3M

Details

Fine Date

17 March 2025

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€6,300,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Poczta Polska SA (Polish Post) - Poland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: