ID Finance Poland Sp. z o.o.
Insufficient technical and organisational measures to ensure information security
Ngày ra quyết định
17 tháng 12, 2020
Thẩm quyền
Polish National Personal Data Protection Office (UODO)
PL
Ngành
Finance, Insurance and Consulting
Quốc gia
PL
Luật
GDPRTrạng thái
FINALMô tả
The Polish DPA (UODO) imposed a fine of EUR 235,300 on ID Finance Poland Sp. z o.o. Due to an error while restarting a server, the settings of the software responsible for the server's security were reset, making the personal data of 140 699 customers publicly available. These data contained, for example, information about the first and last name, address, nationality or even marital status of the data subjects. The database located on this server was downloaded and deleted by an unspecified third party, who demanded a fee from the company for the return of the database. The DPA noted that the controller had taken insufficient technical and organizational measures to ensure the protection of the processing, even though there was a high risk for the data subjects due to the nature of the data processed.