Powiatowego Inspektora Sanitarnego w Policach: Insufficient technical and organisational measures to ensure information security

The Polish DPA has imposed a fine of EUR 4750 on the Powiatowego Inspektora Sanitarnego w Policach. The controller failed to implement adequate technical and organisational measures to ensure data security, which resulted in a data breach due to an employee loosing an unencrypted usb flash drive with personal health data and data regarding administrative proceedings.

GDPR Articles: Art. 5 (1) f), (2) GDPR, Art. 24 GDPR, Art. 25 (1) GDPR, Art. 32 (1), (2) GDPR
Industry: Public Sector and Education