Details:
| Summary | The Polish DPA (UODO) imposed a fine of EUR 235,300 on ID Finance Poland Sp. z o.o. Due to an error while restarting a server, the settings of the software responsible for the server’s security were reset, making the personal data of 140 699 customers publicly available. These data contained, for example, information about the first and last name, address, nationality or even marital status of the data subjects. The database located on this server was downloaded and deleted by an unspecified third party, who demanded a fee from the company for the return of the database. The DPA noted that the controller had taken insufficient technical and organizational measures to ensure the protection of the processing, even though there was a high risk for the data subjects due to the nature of the data processed. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 235,300 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/