Details:
| Summary | The controller had sent an email to that contained personal data of a customer to the wrong recipient. The leaked data included data such as the name, postal address of the data subject and insurance details. In this context the controller had not informed either the Polish DPA nor the data subjects about the data breach in a timely manner within 72 hours. |
| Link: | link |
| Related articles: | Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| Type: | Insufficient fulfilment of data breach notification obligations |
| Fine: | EUR 35,300 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/