Details:
| Summary | The Polish DPA has fined PIKA Sp. z o.o. in the amount of EUR 53,000. The fine is related to a fine imposed on Fortum Marketing and Sales Polska S.A.. PIKA was acting as a processor for Fortum. During its investigation, the DPA found that unauthorized persons had managed to access and siphon off customer data.The data breach occurred at the time of the introduction of a change in the company’s IT environment by PIKA. As part of this change, an additional Fortum customer database was created. However, the server on which the database was stored did not have sufficient security measures, which is why the unauthorized persons were able to access the data. The DPA also found that PIKA had failed to pseudonymize and encrypt the data. In addition, PIKA had used real customer data rather than test data to test the system changes. For this reason, the DPA concluded that PIKA had failed to take appropriate technical and organizational measures to ensure the protection of personal data. |
| Link: | link |
| Related articles: | Art. 28 (3) c), f) GDPR, Art. 32 (1), (2) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 53,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/