The Personal Data Protection Office imposed a fine of over PLN 363,000 on Bank Millenium S.A. for failing to report a data protection breach and for failing to fully inform affected persons of the incident

The Personal Data Protection Office imposed a fine of over PLN 363,000 on Bank Millenium S.A. for failing to report a data protection breach and for failing to fully inform affected persons of the incident. A courier company lost letters containing personal data of bank customers. The bank informed the addressees, but the information in question was insufficient – it did not meet the requirements set out in the GDPR. The bank considered that the risk of negative consequences for the persons affected by the breach was moderate and did not report the breach to the supervisory authority. In addition to imposing an administrative penalty, the PDPO also ordered that the persons affected by the breach be notified in the manner provided for in Article 34(2) of the GDPR.

source

LATEST POSTS

03.04.2024

Spanish Company Penalized for Inadequate Notification of Biometric Data to Employees

03.04.2024

Estonian supervisory authority makes recommendations on secure data processing

25.03.2024

Penalty for CaixaBank for breach of data protection legislation

25.03.2024

Greek ministry fined for data protection breach

13.02.2024

The Slovenian regulatory authority publishes new guidelines on the use of cookies