The President of the Personal Data Protection Office received notification of personal data breaches in the company PANEK S.A.
The case is under investigation.

The incident occurred on April 17, 2020, when during the process of launching a new website, the files of the old website were copied into a new folder, which should be hidden and shared.

This was done by an employee of an IT company without a prior consultation and verification of the contents of the files of the old site. He made a mistake and did not hide the files.

Violations must be reported to the President of the UODO, no later than 72 hours after its detection. This obligation applies to accidents where there is a (greater than the minimum) probability of harmful (negative) impact on the persons concerned.

These are, for example, situations where a breach may result as an identity theft, financial loss or breach of legally protected secrets.

Anyone who considers that their personal data are being processed unlawfully may lodge a complaint with the President of the Data Protection Office. In addition, l’art. 79 The GDPR also gives you the right, regardless of lodging a complaint with the President of the UODO, to protect your rights before a civil court. Pursuant to art. 82 GDPR, if you have suffered material or moral damage, you are also entitled to compensation from the administrator.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA POLONIA – UODO