bg
Chcę wiedzieć o...
Strona główna
Dane osobowe
The initiation of proceedings against the Warsaw University of Life Sciences

The initiation of proceedings against the Warsaw University of Life Sciences

Dodano: 2020-03-31

Following an inspection performed at the Warsaw University of Life Sciences (SGGW) in connection with the data protection breach, the President of the Personal Data Protection Office (UODO) has initiated administrative proceedings.

A stolen laptop, containing the data of candidates for studies at the Warsaw University of Life Sciences, belonged to a staff member of the university. He used it for both private and professional purposes, personal data were processed on the laptop in connection with the recruitment of candidates for studies. However, it is not all the findings made in connection with the inspection carried out by the President of the UODO after the breach at the SGGW.

The inspection showed clear dysfunctions in the data protection system at the university, from both a technical and an organisational point of view. A breach of the personal data protection relating to the obligations imposed on the controller, inter alia, by Article 24(1) of the GDPR has been found, in the context of the failure to update and review the security policies adopted at university. In the course of the inspection it was established that the controller did not duly review the processing of personal data of candidates for studies. Therefore, it did not have sufficient knowledge of the risks involved in that processing and did not take appropriate action under, inter alia, Article 25(1) or 32(1)(b) and (d) of the GDPR. The inspection activities have also shown irregularities in the way of fulfilling the function of the data protection officer who, inter alia, did not execute its tasks in accordance with Article 39(2) of the GDPR, i.e. having due regard to the risk associated with processing operations.

The purpose of the administrative proceedings is to restore a lawful state at the controller’s. In case where the personal data protection provisions are infringed, the President of the UODO shall react adequately to the severity of the specific breach, making use of the numerous powers granted to him under the GDPR. Therefore, the President of the UODO can benefit from the measures under the GDPR. These may be, for example, reprimands, warnings, orders to bring processing operations into compliance with personal data protection provisions. The President of the UODO may also impose an administrative fine depending on the assessment of the circumstances of the case. It is worth recalling that imposing an administrative fine or issuing a warning does not affect the possibility for the President of the UODO to make use of other powers or to impose sanctions.

Artykuły powiązane

UODO: Numer PESEL nie powinien widnieć w certyfikacie podpisu elektronicznego

Prezes Urzędu Ochrony Danych Osobowych (UODO) zwrócił się do Ministra Cyfryzacji z wnioskiem o zmianę przepisów dotyc...

Blokada strony internetowej przez ABW bezpodstawna – NSA ostatecznie rozstrzyga

Naczelny Sąd Administracyjny (NSA) w wyroku z 26 września 2024 roku (sygn. akt II GSK 2046/23) uznał, że Agencja Bez...

Meta ukarana 91 mln euro za naruszenie RODO.

Irlandzki organ ochrony danych (DPC) nałożył na Metę karę w wysokości 91 milionów euro za naruszenie przepisów RODO zwią...