Company – €135,600 Fine (Poland, 2024)

€135,600Urząd Ochrony Danych Osobowych18 December 2024Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Polish bank was fined €135,600 for not properly managing its data protection officer and failing to assess the risks of profiling. This is important because it shows that companies must follow GDPR rules to protect user privacy. Proper management of data protection roles is crucial for compliance.

What happened

A bank failed to ensure its data protection officer could report directly to management and did not conduct required assessments on profiling.

Who was affected

Customers of the bank who were affected by improper data handling and profiling practices.

What the authority found

The Polish DPA ruled that the bank violated GDPR by not allowing its data protection officer to operate independently and failing to assess the impact of profiling.

Why this matters

This ruling emphasizes the need for companies to properly manage their data protection processes. It serves as a reminder that compliance with GDPR is essential for all businesses handling personal data.

GDPR Articles Cited

AI-verified

Art. 30(1) GDPR
Art. 35(1) GDPR
Art. 38(3) GDPR
View original scraped data
Art. 38(3) GDPR
Art. 30(1) GDPR
Art. 35(1) GDPR
(7) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
amount discrepancy
national law identified
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Company actions
Full Legal Summary
Detailed

The Polish DPA fined a company in the banking sector EUR 135,600. The DPA inspected the fined company and found several violations of the GDPR. First, the company failed to ensure that the DPO could report directly to top management and that the DPO did not receive instructions on the performance of the tasks given to the DPO. Second, the company failed to include profiling in the list of data processing operations. Third, the company failed to conduct a privacy impact assessment regarding the use of profiling. The violation regarding the DPO resulted in a fine of EUR 61,600. The violation regarding the unlawful use of profiling resulted in a fine of EUR 74,000.

Related Enforcement Actions (11)

Other enforcement actions involving Company in PL

Fine
Dec 2022· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a company EUR 6,300 for failing to provide information requested by the DPA during an investigation.

€6K
Fine
Jan 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 4,100 for failing to provide information requested by the DPA during an investigation.

€4K
Fine
Feb 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 7,200 on a company. The controller had suffered a data breach that resulted in the loss of personal data. Dur...

€7K
Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 2,300 for failing to provide information requested by the DPA during an investigation.

€2K
Fine
May 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 10,600 on a company. The company had suffered a ransomware attack on their systems which resulted in the loss...

€11K
Fine
Jun 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 4,300 for failing to provide information requested by the DPA during an investigation.

€4K
Fine
Jun 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a company EUR 7,500 for failing to provide information requested by the DPA during an investigation.

€8K
Fine
Jul 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a company EUR 2,500 for failing to report a data breach to the DPA and data subjects.

€3K
Fine
Jul 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 3,400 on a company. The controller had reported a data breach to the DPA. The company car of a senior employe...

€3K
Fine
Dec 2023· Urząd Ochrony Danych Osobowych

The Polish DPA has fined a data controller EUR 5,500 for failing to sufficiently cooperate with the DPA during an investigation.

€6K
Fine
May 2024· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 336,000 on a company. The company had suffered a ransomware attack on their systems which resulted in the los...

€336K
Current
Dec 2024

Fine

€136K

Details

Fine Date

18 December 2024

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€135,600

Enforcement Tracker ID

ETid-2591

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Poland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: