Virgin Mobile Polska – a fine of 460 thousand euro for the lack of personal data security measures
The National Center for Personal Data Protection (NCPDP) informs, for information and application purposes, that the Polish Personal Data Protection Office (UODO) has imposed an administrative fine equivalent to 460 thousand euros on the Polish mobile operator Virgin Mobile Polska for failing to implement adequate technical and organisational measures to ensure the security of the personal data it processes.
UODO found that the company had infringed the principles of data confidentiality and accountability. Virgin Mobile did not regularly and comprehensively test, measure and evaluate the effectiveness of the technical and organisational measures applied to secure the data it processed (the obligation laid down in Article 32(1)(d) of the GDPR). Such activities were undertaken only when a vulnerability was suspected or in connection with organisational changes. Moreover, no tests were carried out to verify the safeguards protecting the transfer of data between the applications used to serve buyers of prepaid services. A vulnerability in the data exchange between these systems was then exploited by an unauthorised person to obtain the data of some of the company's customers.
Following the data breach, in which an unauthorised person obtained customer data from one of the company's databases, the Supervisory Authority carried out an inspection at the company. On the basis of the irregularities found, the authority instituted administrative proceedings, which concluded with the imposition of the fine.
The Supervisory Authority considered that putting a data processing system into use without first properly verifying that it met the assumed security parameters was a flagrant breach by the controller.
Given the scale and gravity of the breaches, UODO considered that any remedy other than an administrative fine would be disproportionate.
The NCPDP, as the national authority supervising the processing of personal data, emphasises that personal data controllers are responsible for complying with the legislative framework on personal data protection and for ensuring that their processing operations are carried out in accordance with the legislation in force.