Non-Public Health Care Institution – €7,700 Fine (Poland, 2025)

€7,700 | Urząd Ochrony Danych Osobowych | 4 August 2025 | Poland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A non-public health care institution in Poland was fined for not protecting patient health records during home visits. This is important because it shows that organizations must consider risks like theft when handling sensitive information. It reminds health care providers to implement better security measures.

What happened

The institution failed to account for the risk of car theft when transporting patient health records.

Who was affected

Patients whose health records were at risk due to inadequate security measures.

What the authority found

The Polish DPA determined that the institution did not adequately protect sensitive data, resulting in the fine.

Why this matters

This ruling emphasizes the need for health care providers to assess risks in their data handling practices. It serves as a warning for all businesses to prioritize data security.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 25(1) GDPR
Art. 32(1) GDPR

Source verified 14 March 2026
articles corrected
amount discrepancy
Full Legal Summary

The Polish DPA has imposed a fine of EUR 7,700 on a non-public health care institution. The controller offered home visits by doctors as part of its services. For this purpose, doctors used their private cars and carried patients' health records in them. However, in its risk analysis, the controller failed to take into account the possibility of car theft, resulting in a fine being issued.

Related Enforcement Actions (0)

No other enforcement actions found for Non-Public Health Care Institution in PL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 August 2025

Authority

Urząd Ochrony Danych Osobowych

Fine Amount

€7,700

Enforcement Tracker ID

ETid-2765

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Non-Public Health Care Institution - Poland (2025). Retrieved from cookiefines.eu
