PLPresident of the Personal Data Protection Office23 June 2025Data protection violation

McDonald's Polska sp. z o.o.

McDonald's Polska sp. z o.o. fined PLN 16,932,657 by the UODO for GDPR breaches.

PLNzł 16,932,657

Country: PL
Authority: President of the Personal Data Protection Office
Type: Data protection violation
Imposed: 23 June 2025
Added to register: 09 June 2026

Summary

The President of the Personal Data Protection Office imposed an administrative fine of PLN 16,932,657 on McDonald's Polska sp. z o.o. and a separate fine on its processor. The decision of 2025-06-23 concerned inadequate processor verification, insufficient risk analysis, and failure to implement appropriate GDPR security measures.

Grounds for the decision

Failure to properly verify the processor and implement adequate data protection measures.