Details:
| Summary | The Polish DPA (UODO) fined Krajowa Szkoła Sądownictwa i Prokuratury (National School of Justice and Prosecution) EUR 22,200. UODO launched an investigation against the controller after it reported a data breach on its training platform website. During a test migration to the new platform, the data of more than 50,000 individuals had been exposed on the Internet. Among other things, this included the names, user names, postal and e-mail addresses, telephone numbers, units and departments of the data subjects. UODO found that the controller had not taken adequate technical and organizational measures to ensure the confidentiality of the data processed. In addition, the contract that the controller had concluded with the company entrusted with the processing of the data did not comply with the legal requirements. For example, the contract did not contain information about which categories of data would be processed. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 28 (3) GDPR, Art. 32 (1), (2) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 22,200 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/