Details:

Summary The Polish DPA (UODO) has fined Cyfrowy Polsat S.A. EUR 245,000. The fine was based on a large number of data breaches reported by the controller to the DPA. Frequently, postal correspondence containing personal data was lost or delivered to the wrong recipient. The DPA notes that although the data breaches were caused by the courier company contracted by the controller, the controller had to ensure that such breaches did not occur. The controller failed to implement technical and organizational measures appropriate to the risk to protect the processing of the data. Furthermore, the controller did not notify the data subjects about the data breaches until two to three months later.
Link: link
Related articles:  Art. 24 (1) GDPR, Art. 32 (1), (2) GDPR, Art. 34 (1) GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 245,000
Sector Media, Telecoms and Broadcasting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law