mBank

€940,000

Insufficient fulfilment of data breach notification obligations

Karar Tarihi

20 Ağustos 2024

Otorite

Polish National Personal Data Protection Office (UODO)

PL

Sektör

Finance, Insurance and Consulting

Ülke

PL

Hukuk

GDPR

Durum

FINAL

Açıklama

The Polish DPA has fined mBank EUR 940,000. The bank had suffered a data breach in which an employee of the controller sent documents containing customer data to the wrong recipient. The documents contained information such as names, account numbers, dates of birth and ID card numbers. Although the documents were returned to mBank, the envelope had been opened , meaning that third parties may have had access to the documents. During its investigation, the DPA found that, although the controller informed the DPA of the incident, it failed to notify the data subjects in a timely manner.

Yasal Atıflar

Art. 34 (1)

Sorunlar & İhlaller

Insufficient fulfilment of data breach notification obligations
Resmi Belgeyi Görüntüle
Para Cezaları Veritabanına Geri Dön
Önceki İnce
Austrian Data Protection Authority (dsb) - Company...
Sonraki İnce
Data Protection Authority of Hamburg (HmbBfDI) - C...

Gizlilik Uygulamasından Haberdar Olun

Gizliliğinize saygı duyuyoruz. Ayda bir e-posta, spam yok, istediğiniz zaman abonelikten çıkın.