The Polish Data Protection Authority (UODO) has put a decisive stop to this common practice by imposing a fine of €4.3 million (PLN 18.4 million) on ING Bank Slaski. The ruling, dated July 23, 2025, makes it clear that even Anti-Money Laundering (AML) laws do not provide a “blank check” for the indiscriminate collection of … Read more
The Polish Data Protection Authority (UODO) has fined McDonald’s Poland nearly €4 million (16.9 million PLN). The reason: a chain of security failures that led to a major data breach involving employee information. This case is a textbook example of how data protection responsibility can’t simply be outsourced to third-party vendors and why fundamental GDPR … Read more
The German Federal Labour Court (BAG) has grant an employee €200 in damages because, during a Workday software test, more personal data were disclosed than the works council agreement allowed (case no. 8 AZR 209/21). This ruling is a warning sign for all companies that handle employee data and underscores the importance of GDPR compliance. … Read more
The European Court of Justice (ECJ) has ruled in case C-394/23 (Mousse) that requesting a customer’s gender when purchasing a train ticket online is not a necessary requirement for a railway company. This request violates the principle of data minimization under the General Data Protection Regulation (GDPR) in this case, highlighting that companies must limit … Read more
© Copyright 2021 mip Consult GmbH. All Rights Reserved.