The Office of the Personal Data Protection Authority, after having noticed that the PNP SA with registered office in Warsaw has breached the disposals of the General Data Protection Regulation, has been sanction with a fine of more than 22.000 PLN.

The reason of the sanction is the lack of cooperation with the Supervisory Authority and the lack of access to all the necessary information for the realization of task of the Office.

In order to verify the case, started after a complaint, the UODO has called for three times the agency which has been sanctioned in order to comment the content of the complaint and provide information. Any of the mentions send to the Society – to the addresses listed in the Register of Entrepreneurs of the National Register of Courts – has been received by the Society, despite were notified two times. For this reason, the mentions send to the Society have bene considered as delivered.

As a consequence of the Company’s failure to collect the correspondence addressed to it, the Office for Competition and Consumer Protection did not obtain information necessary for the examination of the case. The initiation of proceedings to impose an administrative fine on the Company did not change this situation either. The letter informing about the initiation of such proceedings was not received by the Company either.

The decision emphasized that the responsibility for failing to provide the UODO with the information it requested rests with the Company. The fact that the calls addressed by the Office for Competition and Consumer Protection to the Company were ultimately not received by the Company does not change this. Quoting the judicature of administrative courts, it was indicated that the obligation of each organizational unit is to ensure that letters are collected in such a way as to ensure that the correspondence is collected continuously and undisturbed and only by authorized persons. Negligence in this respect is the responsibility of this organizational unit.

The duty to cooperate with the supervisory authority is identical for the controller and the processor. Such cooperation includes the necessity to provide the supervisory authority – on its request – with any information possessed by the controller or processor related to the ongoing proceedings.

It should be concluded that the Company, by failing to respond to the requests of UODO, breached its obligation to provide the supervisory authority with access to information necessary to perform its tasks – in this case, to decide on the merits of the case.

In the opinion of the UODO, the imposed administrative fine will discipline the Company to properly cooperate with the supervisory body both in the further course of the proceedings concerning the examination of the complaint and in any other future proceedings with the participation of the Company before the Office.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA POLONIA – UODO