Details:
| Summary | The Polish DPA has imposed a fine of EUR 12,450 on the public cartography institute Głównego Geodetę Kraju. The institute had suffered a data breach in which numerous land register numbers were visible on the institute’s website for more than 48 hours. The land register number allows a number of owners’ data to be determined, including their first and last names, the names of their parents and the address of the property. The institute had failed to report the breach to the DPA, with the result that it learned of the incident through media reports. The institute also failed to inform the data subjects of the incident. For this reason, the DPA found that the controller violated Article 33 (1) GDPR and Article 34 (1) GDPR. |
| Link: | link |
| Related articles: | Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| Type: | Insufficient fulfilment of data breach notification obligations |
| Fine: | EUR 12,450 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/