Chief National Surveyor (Główny Geodeta Kraju) – €13,800 Fine (Poland, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Polish data protection authority fined the Chief National Surveyor for accidentally posting personal data online. The data included land and mortgage register numbers, which could identify individuals. This case highlights the importance of reporting data breaches and protecting personal information.
What happened
The Chief National Surveyor accidentally disclosed land and mortgage register numbers on its website for about 48 hours.
Who was affected
Individuals whose personal data, such as names and addresses, were linked to the disclosed land and mortgage register numbers.
What the authority found
The Polish DPA decided that the disclosure of the register numbers was unlawful and should have been reported as a data breach.
Why this matters
This case emphasizes that even short-term data disclosures must be reported if they can identify individuals. Businesses should ensure they understand what constitutes personal data and follow proper breach notification procedures.
GDPR Articles Cited
The Chief National Surveyor (the controller) accidentally disclosed land and mortgage register numbers on its website. The numbers were publicly available for about 48 hours. The controller did not notify the DPA and the affected data subjects of this event. In the investigation that followed, the controller claimed first, that the data disclosed were not personal data. Second, it argued that their publication was lawful and therefore did not constitute a data breach. Lastly, the controller submitted that, in any case, this disclosure did not entail any risk to the rights and freedoms of natural persons due to the short-term nature of the disclosure and the availability of the data in other sources. For this reason, the controller deemed that there was no need to notify the DPA and the affected data subjects under Articles 33(1) and 34(1) GDPR. The Polish DPA held, first, that land and mortgage register numbers constitute personal data. The land and mortgage register of natural persons contains, among others, first names, surnames, parents' names, PESEL numbers (i.e. an eleven-digit numeric symbol, uniquely identifying a natural person, containing the date of birth, serial number, gender and a control number), and real estate addresses. The land and mortgage register numbers consequently enabled anyone to identify persons whose data were included in the land and mortgage register. Thus, land and mortgage register number is information allowing one to indirectly identify a natural person. Second, the Polish DPA held that the publication of the land and mortgage register numbers was not lawful. Whilst the Land and Mortgage Register Act provides for the land and mortgage register being public via a dedicated ICT system, it does not refer to disclosing such information on publicly available websites. Similarly, the Geodetic and Cartographic Act states that the relevant data could only be shared by the district governor upon request. Lastly, the Regulations of the
Related Enforcement Actions (0)
No other enforcement actions found for Chief National Surveyor (Główny Geodeta Kraju) in PL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
6 July 2022
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€13,800
60,000 PLN
GDPRhub ID
gdprhub-5239About this data
Cite as: Cookie Fines. Chief National Surveyor (Główny Geodeta Kraju) - Poland (2022). Retrieved from cookiefines.eu
Last updated: