Głównego Geodetę Kraju

€12,450

Insufficient fulfilment of data breach notification obligations

Date de décision

6 juillet 2022

Autorité

Polish National Personal Data Protection Office (UODO)

PL

Secteur

Public Sector and Education

Pays

PL

Droit

GDPR

Statut

FINAL

Description

The Polish DPA has imposed a fine of EUR 12,450 on the public cartography institute Głównego Geodetę Kraju. The institute had suffered a data breach in which numerous land register numbers were visible on the institute's website for more than 48 hours. The land register number allows a number of owners' data to be determined, including their first and last names, the names of their parents and the address of the property. The institute had failed to report the breach to the DPA, with the result that it learned of the incident through media reports. The institute also failed to inform the data subjects of the incident. For this reason, the DPA found that the controller violated Article 33 (1) GDPR and Article 34 (1) GDPR.

Citations légales

Art. 33 (1)Art. 34 (1)

Questions et violations

Insufficient fulfilment of data breach notification obligations
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Spanish Data Protection Authority (aepd) - ASOCIAC...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.