Poland Poland

Santander Bank Polska S. A.

117,000 €

GDPR enforcement action by Polish National Personal Data Protection Office (UODO) on 2022-01-19.

Rank · Sector
#84
of 322 in Finance, Insurance and Consulting
Rank · Poland
#19
of 111
Rank · All fines
#449
of 3,050

Case details

Authority
Polish National Personal Data Protection Office (UODO)
Date
2022-01-19
Controller / Processor
Santander Bank Polska S. A.
Sector
Finance, Insurance and Consulting
Quoted Articles
Art. 34 (1) GDPR
Type of violation
Insufficient fulfilment of data breach notification obligations

Summary

The Polish DPA has fined Santander Bank Polska S.A. EUR 118,000 for failing to notify data subjects of a data breach.
A former employee of the bank managed to gain unauthorized access to a database for electronic services. Among other things, this allowed numerous Santander customers' data to be accessed.

Due to the high risk for the data of the data subjects, the bank would have been obliged to inform them of the data breach. However, the bank deliberately refrained from doing so and continued to state that it would not comply with this obligation in the future.

The DPA noted that this constituted a major intrusion for the data subjects, as they did not have the opportunity to take appropriate steps to protect their rights.

Open original source Links to the regulator's original publication or another source.

Related fines

Poland
Poland
2025-08-26
4,323,250 €
ETid-2840
ING Bank Śląski
Finance, Insurance and Consulting
Poland
Poland
2025-07-21
3,955,000 €
ETid-2757
McDonald’s Polska Sp. z o.o.
Employment
Poland
Poland
2026-02-05
2,682,000 €
ETid-3063
DPD Polska sp. z o.o.
Transportation and Energy
Poland
Poland
2026-02-19
1,393,300 €
ETid-3113
Restaurant Partner Polska
Industry and Commerce
Poland
Poland
2022-01-19
1,000,000 €
ETid-1104
Fortum Marketing and Sales Polska S.A.
Transportation and Energy
Poland
Poland
2024-08-20
940,000 €
ETid-2457
mBank
Finance, Insurance and Consulting
Back to all fines