Details:
| Summary | The Polish DPA (UODO) has imposed a fine of EUR 2,200 on the president of the Zgierz District Court. The president had reported a data breach involving the loss of an unencrypted USB stick by a probation officer. The data medium stored the data of 400 persons under probation supervision. The lost and at the same time unsecured data carrier has not yet been found, so that unauthorized persons could still have access to the personal data it contained. The president had assumed that the duty to secure the data did not lie with himself, but with the respective probation officers who had these data in use. However, the DPA found that the president himself should have secured the USB sticks. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 2,200 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/