€650.000 is the amount of the fine that the Polish online retailer Morele.net is obligated to pay for a data breach that affected around 2.2 million individuals.

The leaked information included names and surnames, email addresses, home addresses and phone numbers, while over 35,000 individuals had additional information leaked.

The additional information included the ID number, the series and number of the identity document, educational background, address, source and amount of income, and marital status, among other information that leaked…

As the official statement of the Personal Data Protection Office says,

“The company’s organizational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data…”

The President of the Personal Data Protection Office (UODO) concluded that Morele.net had breached the principle of confidentiality, as set out in the GDPR, by failing to comply with the required technical measures of data protection.

The fine was determined taking into consideration the seriousness of the consequences and the large number of individuals affected.

The authority pointed out that there was a high risk of potential negative effects arising as a side effect of the breach.

The interesting thing is, although the investigation revealed other misconduct, the defining factor for determining the amount of the fine was the lack of appropriate technical and organizational measures.

However, the company cooperated in good faith with the UODO, took action to minimize the consequences of the breach, and had never breached personal data protection law before, all of which was taken into consideration.