(022) 820 801 centru@datepersonale.md
DP header logo
img mobile menu img close mobile menu
ENROРу
ico search toggle
datepersonale.md
/
Uncategorized
/
Administrative fine in the amount of EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle

Administrative fine in the amount of EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle

img 157 Views

The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the administrative fine in the amount EUR 250,000 applied by Polish Data Protection Authority to ID Finance Poland for loss of confidentiality of the personal data principle.

In the proceedings, the President of the Personal Data Protection Office (UODO)  established that the breach took place following the failure to restore the appropriate security configuration after one of the servers operated by the processor  was restarted. The controller was notified about this by one of its cybersecurity specialists, who detected the vulnerability and indicated sample, publicly available information. ID Finance Poland did not immediately check the system’s identified vulnerabilities and, as a result, a few days later, the data was stolen from this server.

When imposing the fine, the UODO took into account the scale of the breach and the scope of the stolen data. In addition, because unencrypted passwords have also leaked, it is possible to use these data to log in to different customer accounts, if they used the same login (e.g. e-mail) and password on other websites. In establishing the amount of the fine, Polish Data Protection Authority also took into account the controller’s delay in taking preventive measures. The amount of the fine should fulfil both a repressive and a preventive function. In the opinion of the authority, it should prevent similar breaches in the future both in the penalized company and at other controllers’.

The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.

img
Cooperation Agreement between the National Centre for Personal Data Protection and the Academy of Public Administration

On 25 May 2022, in the premises of the Academy of Public Administration, the Cooperation Agreement between the National Centre for Personal Data Protection and the Academy of Public Administration was signed. The Agreement was signed by the Director of the NCPDP, Victoria MUNTEAN and the Rector of the Academy, Oleg BALAN. The aim of […]

img 7 Views
img
Acord de colaborare dintre Centrul Național pentru Protecția Datelor cu Caracter Personal și Academia de Administrare Publică

La data de 25 mai 2022, în incinta Academiei de Administrare Publică, a fost semnat Acordul de colaborare dintre Centrul Național pentru Protecția Datelor cu Caracter Personal și Academia de Administrare Publică. Acordul a fost semnat de către Directorul CNPDCP, Victoria MUNTEAN și Rectorul Academiei, Oleg BALAN. Scopul Acordului este de a consolida capacitățile funcționale […]

img 48 Views
img Video gallery
img Information