Poland: Upheld fine in investigation into the President of the District Court of Zgierz over alleged Dara Protection Breach

On 15 February 2022, the Voivodeship Administrative Court in Warsaw upheld the decision of the Polish Data Protection Authority (UODO) to impose an administrative fine of PLN 10'000 on the President of the District Court in Zgierz. The investigation was started based on a personal data breach involving the loss of an unencrypted pen drive containing the data of 400 individuals under probation supervision. The court agreed with the UODO that the controller (the President of the District Court) failed to implement appropriate organisational and technical measures to protect the confidentiality and integrity of personal data. Instead, the responsibility was improperly shifted onto the employees, who lacked the necessary knowledge and means to secure the data adequately. This failure led to unauthorised access to personal data, violating data protection regulations under the GDPR.