On October 18, 2019, Polish DPA -UODO issued a €650.000 GDPR fine to Polish online retailer Morele.net for a violation that affected around 2.2 million individuals.
Information that was leaked included names and surnames, email addresses, home addresses, phone numbers, while over 35,000 individuals had additional information leaked.
The additional information included ID number, the series and the number of the identity document, educational background, address, source and amount of income, marital status, among other information that leaked…
As the official statement of the Personal Data Protection Office stated, “The company’s organizational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data…”
The President of the Personal Data Protection Office (UODO), concluded that Morele had breached the principle of confidentiality, as set out in the General Data Protection Regulation, by failing to comply with the required technical measures of data protection.
The fine was determined, taking into consideration the seriousness of consequences and a large number of individuals affected. The authority pointed out there was a high risk of potential negative effects that could come out as the side effect of the breach.
However, the company cooperated in goodwill with the UODO, has taken actions to minimize the consequences of the breach, and has never breached the personal data protection law before, which was taken into consideration.