TUiR Warta S.A.

€18,850

Insufficient fulfilment of data breach notification obligations

Date de décision

9 décembre 2020

Autorité

Polish National Personal Data Protection Office (UODO)

PL

Secteur

Finance, Insurance and Consulting

Pays

PL

Droit

GDPR

Statut

FINAL

Description

An insurance agent hired by the controller had sent an email to unauthorized third parties in regard to insurance policies that contained personal data of two of the company's customers after they had mistakenly provided false email addresses. The leaked data included data such as the names, email adresses and postal addresses of the data subjects. The controller had not informed either the Polish DPA nor the data subjects about the data breach in a timely manner within 72 hours. The controller believed that there was no breach requiring notification because the data subjects themselves had mistakenly provided incorrect e-mail addresses. The Polish DPA states that this circumstance does not release the controller from its obligation to report this data breach in a timely manner.

Citations légales

Art. 33 (1)Art. 34 (1)

Questions et violations

Insufficient fulfilment of data breach notification obligations
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Spanish Data Protection Authority (aepd) - Unknown...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.