Polish SA: Record Fine Imposed on Fortum Marketing and Sales Polska S.A. for Personal Data Breach

Kişisel Verilerin Korunması Hukuku

An administrative fine of approx. PLN 4.9 million (EUR 1,080,000) has been imposed on Fortum Marketing and Sales Polska S.A. for failing to implement appropriate technical and organisational measures to ensure personal data security and failing to verify the processor by Polish Data Protection Authority (“Polish SA”). In turn, an administrative fine has been imposed on the processor that received a fine of PLN 250,000.00 (EUR 55,000).

The controller learned of the incident not from the processor, but from two independent Internet users who notified him that they had unauthorized access to the database.

The personal data breach involved the copying of the controller's customer data by unauthorized persons. This occurred when a change was made to the ICT environment.

The breach resulted from the processor's failure to comply with basic security principles involving the failure to protect personal data against unauthorized access and the controller learned of the incident not from the processor, but from two independent Internet users who notified him that they had unauthorized access to the database.

You can reach further information here.

Saygılarımızla,

Zümbül Hukuk ve Danışmanlık

info@zumbul.av.tr