Poczta Polska SA (Polish Post)
€6,300,000
Insufficient legal basis for data processing
Ημερομηνία απόφασης
17 Μαρτίου 2025
Αρχή
Polish National Personal Data Protection Office (UODO)
PL
Τομέας
Transportation and Energy
Χώρα
PL
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The Polish DPA has imposed a fine of EUR 6.3 million on Poczta Polska SA (Polish Post) for the unlawful disclosure of personal data of over 30 million citizens from the PESEL database, in connection with the planned postal vote during the Covid-19 pandemic. Although the law amending the electoral regulations had not yet come into effect, the Ministry of Digital Affairs transferred sensitive data such as names, addresses, and PESEL numbers to the postal company. The data was only deleted weeks later—too late, according to the DPA, and in violation of data protection regulations.
Νομικές παραπομπές
Art. 6 (1)
Θέματα & Παραβάσεις
Insufficient legal basis for data processing