Details:
| Summary | The Polish DPA (UODO) imposed a fine of PLN 25,000 (EUR 5,500) on the Medical University of Silesia. In the course of exams held in the form of videoconferences at the end of May 2020, identification of students took place. Once the exam was completed, the recordings of the exams were available not only to the examinees, but also to other people with access to the system. In addition, any outsider could access the records of the examinations and the data of the examined students presented during identification via a direct link. The University failed to report the data breach to the DPA and notify the data subjects. |
| Link: | link |
| Related articles: | Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| Type: | Insufficient fulfilment of data breach notification obligations |
| Fine: | EUR 5,500 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/