Details:
| Summary | The Polish DPA (UODO) fined Enea S.A. EUR 30,000 for the controller’s failure to report a personal data breach, in violation of Art. 33 (1) GDPR. The DPA received information about a personal data breach from a person who had become an unauthorized recipient of personal data. The breach consisted of sending an email with an unencrypted, non-password protected attachment that contained personal data of several hundred individuals. The sender of the email was an employee of the sanctioned controller. |
| Link: | link |
| Related articles: | Art. 33 (1) GDPR |
| Type: | Insufficient fulfilment of data breach notification obligations |
| Fine: | EUR 30,000 |
| Sector | Transportation and Energy |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/