Głównego Geodetę Kraju

€12,450

Insufficient fulfilment of data breach notification obligations

Decision Date

July 6, 2022

Authority

Polish National Personal Data Protection Office (UODO)

PL

Sector

Public Sector and Education

Country

PL

Law

GDPR

Status

FINAL

Description

The Polish DPA has imposed a fine of EUR 12,450 on the public cartography institute Głównego Geodetę Kraju. The institute had suffered a data breach in which numerous land register numbers were visible on the institute's website for more than 48 hours. The land register number allows a number of owners' data to be determined, including their first and last names, the names of their parents and the address of the property. The institute had failed to report the breach to the DPA, with the result that it learned of the incident through media reports. The institute also failed to inform the data subjects of the incident. For this reason, the DPA found that the controller violated Article 33 (1) GDPR and Article 34 (1) GDPR.

Legal Citations

Art. 33 (1)Art. 34 (1)

Issues & Violations

Insufficient fulfilment of data breach notification obligations
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - ASOCIAC...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.