Poland

President of the Zgierz District Court

2,200 €

GDPR enforcement action by Polish National Personal Data Protection Office (UODO) on 2021-08-13.

Rank · Sector

#300

of 357 in Public Sector and Education

Rank · Poland

#99

of 111

Rank · All fines

#2,208

of 3,050

Case details

Authority: Polish National Personal Data Protection Office (UODO)
Date: 2021-08-13
Controller / Processor: President of the Zgierz District Court
Sector: Public Sector and Education
Quoted Articles: Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Polish DPA (UODO) has imposed a fine of EUR 2,200 on the president of the Zgierz District Court. The president had reported a data breach involving the loss of an unencrypted USB stick by a probation officer. The data medium stored the data of 400 persons under probation supervision. The lost and at the same time unsecured data carrier has not yet been found, so that unauthorized persons could still have access to the personal data it contained. The president had assumed that the duty to secure the data did not lie with himself, but with the respective probation officers who had these data in use. However, the DPA found that the president himself should have secured the USB sticks.

Open original source Links to the regulator's original publication or another source.