Administrative fine of €13,500 imposed by the Polish Data Protection Authority on Polskie Radio Szczecin for violations of Articles 24 and 32 of the GDPR
The National Center for Personal Data Protection (NCPDP), for informational and practical purposes, announces the imposition of an administrative fine of €13,500 by the Polish Data Protection Authority (SA) for violations of Article 24 (Responsibility of the controller) and Article 32 (Security of processing) of the GDPR.
In 2022, Polskie Radio Szczecin released a press article in which a conviction for sexual harassment was described. The journalist revealed that a parliament member’s son was the victim and did it in such a way that the child could be identified. Following the discovery of harassment, this person committed suicide.
Following the investigation carried out by the Polish SA, the following violations were found:
- Polskie Radio Szczecin, as the data controller, did not carry out a risk analysis for the processing of personal data in connection with its editorial activities;
- It failed to comply with its own personal data protection documentation;
- It also failed to implement data security measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and processing services due to:
  - lack of clear and transparent rules on the handling of press material containing personal data, regulating the obligation to verify such material prior to publication in terms of personal data identifying natural persons whose publication may infringe the law or the rights and freedoms of natural persons;
  - lack of encryption for personal data storage devices used outside the processing area;
- Polskie Radio Szczecin has not put in place appropriate measures to ensure that the effectiveness of the technical and organisational measures securing personal data is regularly tested, measured and evaluated.
In this context, the Polish SA imposed an administrative fine of €13,500 for violations of Article 24(1) and Article 32(1) and (2) of the GDPR. Additionally, on the basis of the issued decision, Polskie Radio Szczecin is to correct organisational and technical errors within 60 days.
As the national supervisory authority for personal data processing, NCPDP emphasizes the responsibility of personal data controllers to comply with the legal framework on data protection and to ensure that data processing operations are carried out in accordance with the applicable legislation.