Poland
24/7 Communication Sp. z o.o.
43,000 €
GDPR enforcement action by Polish National Personal Data Protection Office (UODO) on 2025-07-21.
Rank · Sector
#39
of 213 in Employment
Rank · Poland
#24
of 111
Rank · All fines
#772
of 3,050
Case details
- Authority
- Polish National Personal Data Protection Office (UODO)
- Date
- 2025-07-21
- Controller / Processor
- 24/7 Communication Sp. z o.o.
- Sector
- Employment
- Quoted Articles
- Art. 5 (1) c) GDPR, Art. 25 (1) GDPR, Art. 38 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Polish DPA has imposed a fine of EUR 43,000 on 24/7 Communication Sp. z o.o. The fined entity acted as the data processor for McDonald’s Polska Sp. z o.o. (see ETid: 2757). The processor failed to implement sufficient technical and organisational measures to ensure data security, resulting in a data breach. The controller additionally infringed the principle of data minimisation and failed to adequately involve the DPO in relevant activities.
Open original source
Links to the regulator's original publication or another source.
Related fines
Poland
2025-08-26
4,323,250 €
ETid-2840
ING Bank Śląski
Finance, Insurance and Consulting
Poland
2025-07-21
3,955,000 €
ETid-2757
McDonald’s Polska Sp. z o.o.
Employment
Poland
2026-02-05
2,682,000 €
ETid-3063
DPD Polska sp. z o.o.
Transportation and Energy
Poland
2026-02-19
1,393,300 €
ETid-3113
Restaurant Partner Polska
Industry and Commerce
Poland
2022-01-19
1,000,000 €
ETid-1104
Fortum Marketing and Sales Polska S.A.
Transportation and Energy
Poland
2024-08-20
940,000 €
ETid-2457
mBank
Finance, Insurance and Consulting