TUiR Warta S.A.

€18,850

Insufficient fulfilment of data breach notification obligations

Fecha de la decisión

9 de diciembre de 2020

Autoridad

Polish National Personal Data Protection Office (UODO)

PL

Sector

Finance, Insurance and Consulting

País

PL

Ley

GDPR

Estado

FINAL

Descripción

An insurance agent hired by the controller had sent an email to unauthorized third parties in regard to insurance policies that contained personal data of two of the company's customers after they had mistakenly provided false email addresses. The leaked data included data such as the names, email adresses and postal addresses of the data subjects. The controller had not informed either the Polish DPA nor the data subjects about the data breach in a timely manner within 72 hours. The controller believed that there was no breach requiring notification because the data subjects themselves had mistakenly provided incorrect e-mail addresses. The Polish DPA states that this circumstance does not release the controller from its obligation to report this data breach in a timely manner.

Citas legales

Art. 33 (1)Art. 34 (1)

Problemas e infracciones

Insufficient fulfilment of data breach notification obligations
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Spanish Data Protection Authority (aepd) - Unknown...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.