Poland

Śląski Uniwersytet Medyczny (Medical University of Silesia)

5,500 €

GDPR enforcement action by Polish National Personal Data Protection Office (UODO) on 2021-01-05.

Rank · Sector

#223

of 357 in Public Sector and Education

Rank · Poland

#66

of 111

Rank · All fines

#1,673

of 3,051

Case details

Authority: Polish National Personal Data Protection Office (UODO)
Date: 2021-01-05
Controller / Processor: Śląski Uniwersytet Medyczny (Medical University of Silesia)
Sector: Public Sector and Education
Quoted Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR
Type of violation: Insufficient fulfilment of data breach notification obligations

Summary

The Polish DPA (UODO) imposed a fine of PLN 25,000 (EUR 5,500) on the Medical University of Silesia. In the course of exams held in the form of videoconferences at the end of May 2020, identification of students took place. Once the exam was completed, the recordings of the exams were available not only to the examinees, but also to other people with access to the system. In addition, any outsider could access the records of the examinations and the data of the examined students presented during identification via a direct link. The University failed to report the data breach to the DPA and notify the data subjects.

Open original source Links to the regulator's original publication or another source.