Bulgaria
Bulgarian Post EAD
500,000 €
GDPR enforcement action by Bulgarian Commission for Personal Data Protection (KZLD) on 2022-05-04.
Rank · Sector
#40
of 167 in Transportation and Energy
Rank · Bulgaria
#3
of 31
Rank · All fines
#244
of 3,050
Case details
- Authority
- Bulgarian Commission for Personal Data Protection (KZLD)
- Date
- 2022-05-04
- Controller / Processor
- Bulgarian Post EAD
- Sector
- Transportation and Energy
- Quoted Articles
- Art. 32 (1) b), c), d) GDPR, Art. 32 (2) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Bulgarian DPA has imposed a fine of EUR 500,000 on Bulgarian Posts EAD. The controller had suffered a hacking attack, during which the attackers managed to access the controller's databases. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data in order to avoid a data breach.
Open original source
Links to the regulator's original publication or another source.
Related fines
Bulgaria
2019-08-28
2,600,000 €
ETid-71
National Revenue Agency
Public Sector and Education
Bulgaria
2019-08-28
511,000 €
ETid-72
DSK Bank
Finance, Insurance and Consulting
Bulgaria
2019-09-03
28,100 €
ETid-140
National Revenue Agency
Public Sector and Education
Bulgaria
2019-02-26
27,100 €
ETid-7
Telecommunication service provider
Media, Telecoms and Broadcasting
Bulgaria
2022
12,800 €
ETid-1831
Political party
Individuals and Private Associations
Bulgaria
2023-01-26
12,800 €
ETid-2882
Political Party
Individuals and Private Associations