Newsroom
Blog
Data controllers have to verify processors under GDPR – some remarks on Fortum case
In a decision of 19 January 2022, the President of the PDPO placed an administrative fine of PLN 4 911 732 on Fortum Marketing and Sales Polska SA as a controller, and PLN 250 135 on PIKA sp. z o.o. as a processor. In this case, the President of the PDPO imposed the highest fine yet imposed on a controller. This is an important decision both for users of outsourcing services and service providers.
Is the Polish DPA competent to adjudicate matters concerning incidents that occurred prior to 25 May 2018?
The NSA has issued a judgment on the competence of the President of the PDPO to adjudicate matters concerning incidents that occurred prior to 25 May 2018.
A former employee is not a trusted data recipient – the Polish DPA ruling in the Santander Bank Polska SA case
The President of the PDPO has imposed an administrative fine on Santander Bank Polska SA of PLN 545 000 for a breach of article 34(1) of the GDPR. The President of the PDPO stated that a former employee is not a trusted data recipient and that although the persons affected by this breach are not specifically defined, this does not hinder compliance with article 34 of the GDPR.