Further to the Facebook and Tesco scandals, and the apparent statistic increase of enforcement fines issued, the Polish Data Protection Authority has issued a landmark fine of €645,000 against online retail company morele.net for insufficient security and organisational measures violating data confidentiality and integrity principles prescribed in the EU’s General Data Protection Regulation.

In particular, insufficient technical security measures, inadequate authentication methods and a lack of additional security solutions were attributed to the theft of information relating to over 2.2 million natural persons registered in the databases of the specified retailers.