MoneyMan data leakage
The President of the Personal Data Protection Office (UODO) received a personal data breach notification from ID Finance Poland (entity maintaining a lending platform MoneyMan.pl). The case is currently being analysed by the UODO, and first activities have been undertaken aimed at explaining the exact circumstances of this breach. The controller informed the President that it has communicated the breach to the data subjects.
In case of data leakage, the UODO cooperates with the controllers, gives advice or consults the contents of the breach notification to data subjects. The activity of the President of the UODO is aimed at ensuring that the controller processes personal data in compliance with the law.
In particular, the purpose of notifying breaches to the President of the Personal Data Protection Office is to assess, inter alia, whether the controller has properly filled in, inter alia, the obligation to notify breaches to data subjects, as long as there was indeed a situation, in which it was obliged to do so.
It is worth pointing out that not every breach must be notified to the President of the UODO and the data subjects. Data breaches that do not affect the rights and freedoms of the data subjects should be entered only into the internal register kept by the controller where all breaches should be recorded. However, the President of the UODO has to be notified of those incidents which are likely to have a (higher than small) adverse effect on the data subjects. These include, for example, situations in which the breach may lead to identity theft, financial loss or violation of legally protected secrecy.