mBank

€940,000

Insufficient fulfilment of data breach notification obligations

Data deciziei

20 august 2024

Autoritatea

Polish National Personal Data Protection Office (UODO)

PL

Sector

Finance, Insurance and Consulting

Țara

PL

Legea

GDPR

Statut

FINAL

Descriere

The Polish DPA has fined mBank EUR 940,000. The bank had suffered a data breach in which an employee of the controller sent documents containing customer data to the wrong recipient. The documents contained information such as names, account numbers, dates of birth and ID card numbers. Although the documents were returned to mBank, the envelope had been opened , meaning that third parties may have had access to the documents. During its investigation, the DPA found that, although the controller informed the DPA of the incident, it failed to notify the data subjects in a timely manner.

Citări juridice

Art. 34 (1)

Probleme și încălcări

Insufficient fulfilment of data breach notification obligations
Vezi documentul oficial
Înapoi la baza de date a amenzilor
Amenda anterioară
Austrian Data Protection Authority (dsb) - Company...
Următoarea amendă
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rămâneți la curent cu aplicarea normelor de confidențialitate

Îți respectăm confidențialitatea. Un e-mail pe lună, fără spam, dezabonare oricând.