Details:
| Summary | The Polish DPA has imposed a fine of EUR 321 on a housing association. The controller had suffered a data breach involving the theft of documents, including a copy of a notarial deed. During its investigation, the DPA found that the controller had both failed to report the data breach to the DPA in a timely manner and to notify the data subjects affected by the incident. Further, the DPA found that the controller had not adequately checked if the processor provided sufficient guarantees to implement appropriate technical and organisational measures to ensure data protection. |
| Link: | link link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 28 (1), (3), (9) GDPR, Art. 33 (1) GDPR, Art. 34 (1), (2) GDPR |
| Type: | Insufficient fulfilment of data breach notification obligations |
| Fine: | EUR 321 |
| Sector | Real Estate |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/