UODO (Poland) - DKN.5131.7.2022
Content
Holding === Holding ====== Holding === First, the DPA held that the controller had violated the principles of integrity and confidentiality enshrined in Article 5(1)(f) and the principle of accountability laid down in [[Article 5 GDPR#2|Article 5(2) GDPR]]. It had also violated Articles 24(1), 25(1), 28(1), 32(1) and 32(2) GDPR, which specify these principles. The DPA issued the controller a reprimand.First, the DPA held that the controller had violated the principles of integrity and confidentiality enshrined in Article 5(1)(f) and the principle of accountability laid down in [[Article 5 GDPR#2|Article 5(2) GDPR]]. It had also violated Articles [[Article 24 GDPR|24(1)]], [[Article 25 GDPR|25(1)]], [[Article 28 GDPR|28(1)]], [[Article 32 GDPR|32(1)]] and [[Article 32 GDPR|32(2)]] [[Article 32 GDPR|GDPR]], which specify these principles. The DPA issued the controller a reprimand. The DPA found the controller had failed to implement appropriate technical and organisational measures itsel