24/7 Communication Sp. z o.o. – €43,000 Fine (Poland, 2025)

€43,000Urząd Ochrony Danych Osobowych21 July 2025Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

24/7 Communication was fined for not keeping personal data secure, which led to a data breach. This is important because it shows that companies must take data security seriously to protect their clients' information. Small businesses should ensure they have the right measures in place to avoid similar issues.

What happened

24/7 Communication failed to implement sufficient security measures, resulting in a data breach.

Who was affected

Customers of McDonald’s Polska whose personal data was compromised due to the breach.

What the authority found

The Polish Data Protection Authority ruled that 24/7 Communication did not meet the required standards for data security, violating GDPR rules.

Why this matters

This ruling emphasizes the importance of data security for service providers. Companies must prioritize technical and organizational measures to protect personal data from breaches.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 25(1) GDPR
Art. 38(1) GDPR
View original scraped data
Art. 5(1) c) GDPR
Art. 25(1) GDPR
Art. 38(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
amount discrepancy
entity split needed
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll 24/7 Communication Sp. z o.o. actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 43,000 on 24/7 Communication Sp. z o.o. The fined entity acted as the data processor for McDonald’s Polska Sp. z o.o. (see ETid: 2757). The processor failed to implement sufficient technical and organisational measures to ensure data security, resulting in a data breach. The controller additionally infringed the principle of data minimisation and failed to adequately involve the DPO in relevant activities.

Related Enforcement Actions (0)

No other enforcement actions found for 24/7 Communication Sp. z o.o. in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 July 2025

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€43,000

Enforcement Tracker ID

ETid-2758

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. 24/7 Communication Sp. z o.o. - Poland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: