An employee lost a pendrive with personal data. His company now has to pay a PLN 240,000 fine
Losing a pendrive with personal data can have serious financial consequences, as shown by the case of a catering company from Podkarpacie, which will now pay a PLN 240,000 fine for it. How did this happen?
The President of the Personal Data Protection Office announced the imposition of a fine of PLN 240,000 on the company Res-Gastro M. Gaweł from Podkarpacie after one of its employees lost a pendrive with sensitive personal data, which, as we know, have been protected by very restrictive GDPR provisions for several years. The penalty was therefore imposed due to a violation of personal data protection regulations.
The announcement stated that the lost device contained unencrypted files with sensitive information about another employee of the company. The data included his name and surname, address, citizenship, gender, date of birth, PESEL number, passport series and number, telephone number, e-mail address, photo and salary information.
What are the financial penalties for violating GDPR?
The GDPR provides for two main categories of financial penalties:
Minor violations: May result in fines of up to €10 million or up to 2% of the company's total annual worldwide turnover for the previous financial year, whichever is higher. This includes, among others, violations of internal organizational processes and mechanisms.
More serious breaches: Can result in penalties of up to €20 million or up to 4% of the company's total annual worldwide turnover for the previous financial year, whichever is higher. This includes, among others, violations of the fundamental rights of data subjects (e.g. the right to be forgotten) and of the principles of data processing.
Of course, a penalty for violating the GDPR will not in every case mean having to pay a huge fine. The regulations also provide for, among other things, the possibility of imposing various corrective measures, such as warnings, reprimands or orders to adjust to the regulations.