17:34 24 February 2026
In ‘25 UODO imposed PLN 64.3 mln for GDPR violations
In 2025, Poland’s Personal Data Protection Office (UODO) imposed a record PLN 64.3 million in GDPR fines, over three times more than in 2024 and more than 60 times higher than in 2023. After years of relatively lenient enforcement following GDPR’s 2018 introduction, regulators significantly toughened their approach. The shift reflects a view that organizations have had enough time to adapt and must now fully comply.
The largest fine, PLN 27.1 million, was imposed on Poczta Polska for unlawfully processing citizens’ national ID data. Other major penalties targeted ING Bank Śląski for excessive identity document scanning and McDonald’s Poland for insufficient oversight of a data processing contractor. Although the total value of fines surged, only 16 entities were penalized, indicating stricter but still selective enforcement.
(pb.pl)
