February 28, 2020

February 28, 2020

Subscribe to Latest Legal News and Analysis

February 27, 2020

Subscribe to Latest Legal News and Analysis

February 26, 2020

Subscribe to Latest Legal News and Analysis

Polish data protection authority announces which sectors will come under scrutiny in 2019

On 24 January 2019, the Personal Data Protection Office (UODO) published a sectoral inspection schedule for 2019. According to the schedule, as approved by UODO’s President, the inspections will aim at verifying the legitimacy of personal data processing in the following private sectors: telemarketing, data brokers (as regards legal grounds for personal data processing) and profiling in the banking and insurance sector.

As for the public sector, the supervisory authority will investigate:

  • Municipal surveillance systems (a continuation of the inspections commenced back in 2018)
  • Waste identification and monitoring systems
  • The manner in which registers of housing cooperatives’ members are kept and secured
  • Disclosure of data in the Public Information Bulletin (BIP)
  • The manner in which the correspondence containing personal information is mailed out.

Inspectors will also check whether controllers keep registers of processing operations and if they document data breaches.

According to the schedule, inspectors will not avoid courts and law enforcement agencies. Police, Polish Border Guard and detention wards should expect inspections focusing on technical and organisational measures implemented in order to secure personal data for processing. In addition, UODO shall control schools and educational establishments (especially in the context of processing of personal data collected via surveillance cameras), employers (in the contexts of employee surveillance and recruitment process), healthcare providers (with regard to disclosing medical records, thus exercising the patients’ right to access the medical records concerning their health and healthcare services rendered to them).

The audits that the regulator plans to conduct in 2019 are motivated by numerous complaints and notifications filed with the UODO, regarding personal data protection laws infringement in the above mentioned areas of activity.

Although the Polish regulator has, so far, taken a rather lenient approach towards controllers (with no fines under GDPR having been imposed to date), 2019 is expected to be the year when this will change, and fines will ensue.

Detailed plan of sectoral controls for 2019 can be found on the UODO website.

© Copyright 2020 Squire Patton Boggs (US) LLP


About this Author

Senior Associate
  • Magdalena’s practice focus is intellectual property law and cybersecurity and privacy regulations. She has a wide-ranging experience in handling both copyright and trademark matters. In addition, Magdalena handles issues that relate to unfair competition, brand protection and methods of executing intellectual property rights for a variety of clients in different sectors.


  • Managing clients’ IP portfolio, handling copyright and trademark infringement, involved in IP litigation, counseling on...
48 22 395 5565