Polskie Radio Szczecin: Insufficient technical and organisational measures to ensure information security

The Polish DPA fined Polskie Radio Szczecin (Polish Radio Szczecin) EUR 13,400. Due to the lack of sufficient technical measures, Polskie Radio Szczecin failed to protect the rights of individuals featured in its publications. As a result, there was a risk that information concerning the private life of individuals would be published without their consent. As an example, the DPA cited a case in which a journalist from Polskie Radio Szczecin disclosed that the minor child of a MP (who does not participate in public life) was a victim of sexual abuse. The report was specific enough to allow third parties to identify the victim, which led to the victim's suicide. During an inspection, the DPA found several shortcomings in data processing and that the deficiencies were systemic. The DPA ordered Polskie Radio Szczecin to rectify the organisational and technical shortcomings within 60 days.

GDPR Articles: Art. 24 (1) GDPR, Art. 32 (1), (2) GDPR
Industry: Media, Telecoms and Broadcasting