Unknown

€358,000

Insufficient technical and organisational measures to ensure information security

Karar Tarihi

20 Kasım 2024

Otorite

Polish National Personal Data Protection Office (UODO)

PL

Sektör

Not assigned

Ülke

CZ

Hukuk

GDPR

Durum

FINAL

Açıklama

The Polish DPA has imposed a fine of EUR 358,000 on a company. The company had inadvertently published customer data (first name, last name, email address, home address, encrypted passwords) in the process of redesigning its website. The incident affected approximately 20,000 data subjects. The DPA found that the controller had not sufficiently ensured the security of personal data during the process, for example, by conducting regular tests and risk assessments. Instead, it relied on information provided by the hired subcontractor without proper oversight.

Yasal Atıflar

Art. 5 (1)Art. 5 (2)Art. 25 (1)Art. 28 (1)Art. 32 (1)

Sorunlar & İhlaller

Insufficient technical and organisational measures to ensure information security
Resmi Belgeyi Görüntüle
Para Cezaları Veritabanına Geri Dön
Önceki İnce
Spanish Data Protection Authority (aepd) - VODAFON...
Sonraki İnce
Data Protection Authority of Hamburg (HmbBfDI) - C...

Gizlilik Uygulamasından Haberdar Olun

Gizliliğinize saygı duyuyoruz. Ayda bir e-posta, spam yok, istediğiniz zaman abonelikten çıkın.