Details:
| Summary | The Polish DPA has imposed a fine of EUR 6,400 on the Szczecin-Centrum District Court.
The court had reported a data breach to the DPA involving the loss of three data carriers. One data carrier was an official and encrypted one, the other two were private and unencrypted data carriers containing drafts of court rulings and statements with personal data. In the course of its investigation, the DPA discovered that data carriers which had not been checked and secured by the court’s IT department had been used on official computers over a period of many years. In addition, the DPA found that although there were regulations prohibiting the use of private data carriers, the court failed to check whether employees actually complied with these regulations. In addition, the court failed to implement technical measures to prevent the use of private data carriers. |
| Link: | link link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR, Art. 32 (1), (2) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 6,400 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/