*In 2022, the bank received one fine of PLN 545,000 for acting in violation of Regulation 2016/679 (GDPR). In the case in question, we reported the violation to the Office for Personal Data Protection (UODO) when we found that a former employee of the bank had unauthorized access to the payer profile on the Social Security Electronic Service Platform. As a result, he was able to view the bank’s employee data. In response to the incident, we posted a notice on the internal communication platform reminding people of the rules for processing personal data. In the UODO’s opinion, the announcement was too general and the data subjects were not notified instantly, without undue delay of their personal data breach. The decision was issued by the President of the Office for Personal Data Protection. The decision is not final. The bank has filed an appeal.