Privacy Blog
POLISH DPA IMPOSES FINE ON WARSAW UNIVERSITY OF LIFE SCIENCES
17.09.2020
The Polish Data Protection Authority (“DPA”) announced via its website that it has imposed fine of 50.000 PLN on the Warsaw University of Life Sciences due to personal data breach.
In the present case, the DPA launched an investigation upon the notification related to the theft of a portable private computer of the university employee, who used this device also for business purposes, including the processing of personal data of candidates for studies at the University for the purposes of recruitment activities.
In imposing fine, the DPA considered that the controller had no knowledge of the processing of personal data on the employee’s private computer, nor did it control the processing of data by failing to verify on which media the personal data of candidates for studies collected from the IT system were processed and by failing to record this operation in the IT system.
It is noted in the decision that it is the controller’s obligation to implement appropriate technical and organisational measures to ensure the security of the data processed however, the University had not implemented appropriate organisational and technical measures to ensure the security of the processing of personal data of candidates for studies.
You can reach the full text of the decision here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law