Poland Poland

Virgin Mobile Polska

443,000 €

GDPR enforcement action by Polish National Personal Data Protection Office (UODO) on 2020-12-14.

Rank · Sector
#68
of 369 in Media, Telecoms and Broadcasting
Rank · Poland
#8
of 112
Rank · All fines
#259
of 3,059

Case details

Authority
Polish National Personal Data Protection Office (UODO)
Date
2020-12-14
Controller / Processor
Virgin Mobile Polska
Sector
Media, Telecoms and Broadcasting
Quoted Articles
Art. 5 (1) f), (2) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Polish DPA (UODO) fined Virgin Mobile Polska EUR 443,000 due to a data leak that allowed unauthorized third parties to access personal data stored by Virgin Mobile Polska as a result of inadequate security measures. The DPA notes that the company did not conduct regular and extensive tests on the effectiveness of the measures applied to ensure data security. Indeed, activities in this regard were conducted only in the event of a suspected security leak.

Open original source Links to the regulator's original publication or another source.

Related fines