McDonald’s Polska Sp. z o.o. – €3,955,000 Fine (Poland, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Polish DPA has imposed a fine of EUR 3,955,000 on McDonald’s Polska Sp. z o.o. The controller used a third party processor (see ETid: 2758) for the purpose of managing work scheduals. The controller failed to ensure, that the processor implemented sufficient technical and organisational measures to ensure data security, resulting in a data breach. Additionally the controller failed to ensure, that only necessary data had been processed and the controller also did not adequatly involve the DPO in all relevant activities.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Polish DPA has imposed a fine of EUR 3,955,000 on McDonald’s Polska Sp. z o.o. The controller used a third party processor (see ETid: 2758) for the purpose of managing work scheduals. The controller failed to ensure, that the processor implemented sufficient technical and organisational measures to ensure data security, resulting in a data breach. Additionally the controller failed to ensure, that only necessary data had been processed and the controller also did not adequatly involve the DPO in all relevant activities.
Related Enforcement Actions (0)
No other enforcement actions found for McDonald’s Polska Sp. z o.o. in PL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
21 July 2025
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€3,955,000
Enforcement Tracker ID
ETid-2757
About this data
Cite as: Cookie Fines. McDonald’s Polska Sp. z o.o. - Poland (2025). Retrieved from cookiefines.eu
Last updated: