McDonald’s Polska Sp. z o.o.

€3,955,000

Non-compliance with general data processing principles

Dato for beslutning

21. juli 2025

Myndighet

Polish National Personal Data Protection Office (UODO)

PL

Sektor

Employment

Land

PL

Lov og rett

GDPR

Status

FINAL

Beskrivelse

The Polish DPA has imposed a fine of EUR 3,955,000 on McDonald’s Polska Sp. z o.o. The controller used a third party processor (see ETid: 2758) for the purpose of managing work scheduals. The controller failed to ensure, that the processor implemented sufficient technical and organisational measures to ensure data security, resulting in a data breach. Additionally the controller failed to ensure, that only necessary data had been processed and the controller also did not adequatly involve the DPO in all relevant activities.

Juridiske henvisninger

Art. 5 (1)Art. 25 (1)Art. 28 (1)Art. 38 (1)

Problemer og overtredelser

Non-compliance with general data processing principles
Se offisielt dokument
Tilbake til bøtedatabasen
Tidligere Fine
Spanish Data Protection Authority (aepd) - CLUB BA...
Neste bot
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold deg oppdatert om håndheving av personvern

Vi respekterer personvernet ditt. Én e-post per måned, ingen spam, avmelding når som helst.