GDPR: Virgin Mobile fined PLN 1.9M for failure to implement proper data protection

Przemysław Juściński

The President of the Polish Personal Data Protection Office has imposed a penalty of PLN 1.9M on Virgin Mobile Polska for its failure to implement the relevant measures ensuring the security of the data processed.

The President concluded that the company has failed to carry out regular and comprehensive tests, measurements, and evaluations of the technical and organizational measures used to guarantee the security of the data processed, taking actions in this respect only incidentally, in connection with suspected vulnerabilities or organizational changes. There were also no tests in terms of security measures related to transferring data between applications used with respect to buyers of prepaid services. These irregularities resulted in an unauthorized person obtaining access to the data of the clients in one of the databases.

The amount of the penalty was influenced by the fact that the violation was a material one since it has created a high risk of negative consequences for a large number of persons (e.g. the risk of identity theft). The short duration of data access the unauthorized persons had was of no importance, as it was sufficient to download a large volume of data. Additionally, the violation itself lasted for a long time: the President concluded that vulnerability to data leaks existed a long time before it actually happened.

This is another case of a personal data leak that shows how important it is for entities processing personal data to comply with the provisions of the GDPR, including the principle of data confidentiality and accountability, in particular by means of regularly, and not only incidentally, testing the technical measures used to protect personal data.

Not sure who to entrust with handling the legal aspects of your personal data processing? At our Law Firm, we have a number of GDPR specialists, including Michał Czuryło, Attorney-at-Law, and Barbara Miziołek, Attorney-at-Law. Contact them:


Michał Czuryło | michal.czurylo@kwkr.pl | +48 504 035 553

Barbara Miziołek | barbara.miziolek@kwkr.pl | +48 508 061 790


Meet all of our team members.





Konieczny, Wierzbicki
Kancelaria Radców Prawnych sp.p.

ul. Piękna 15 lok. 34

+48 12 3957161


    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Administratorem Twoich danych osobowych jest Konieczny, Wierzbicki Kancelaria Radców Prawnych Sp. p. z siedzibą w Krakowie, ul. Kącik 4, 30-549 Kraków.
    Przetwarzamy Twoje dane wyłącznie w celu udzielenia odpowiedzi na wiadomość przesłaną przez formularz kontaktowy i dalszej komunikacji (co stanowi nasz prawnie uzasadniony interes) – przez czas nie dłuższy niż konieczny do udzielenia Ci odpowiedzi, a potem przez okres przedawnienia ewentualnych roszczeń. Masz prawo do żądania dostępu do swoich danych osobowych, ich kopii, sprostowania, usunięcia lub ograniczenia przetwarzania, a także prawo wniesienia sprzeciwu wobec przetwarzania oraz wniesienia skargi do organu nadzorczego. Więcej szczegółów znajdziesz w naszej Polityce Prywatności.
    mackrell Autoryzowany Doradca New Connect Invest in Poland british polish chamber of commerce Laureat Rankingu Kancelarii Prawniczych Rzeczpospolitej 2018 CATALYST Autoryzowany Doradca Irish polish chamber of commerce restrukturyzacja.pl