Polish data protection authority announces which sectors will come under scrutiny in 2019
Thursday, January 31, 2019
Personal Data Protection Office schedule published

Related Practices & Jurisdictions
Print Mail Download i

On 24 January 2019, the Personal Data Protection Office (UODO) published a sectoral inspection schedule for 2019. According to the schedule, as approved by UODO’s President, the inspections will aim at verifying the legitimacy of personal data processing in the following private sectors: telemarketing, data brokers (as regards legal grounds for personal data processing) and profiling in the banking and insurance sector.

As for the public sector, the supervisory authority will investigate:

  • Municipal surveillance systems (a continuation of the inspections commenced back in 2018)
  • Waste identification and monitoring systems
  • The manner in which registers of housing cooperatives’ members are kept and secured
  • Disclosure of data in the Public Information Bulletin (BIP)
  • The manner in which the correspondence containing personal information is mailed out.
  •  

Inspectors will also check whether controllers keep registers of processing operations and if they document data breaches.

According to the schedule, inspectors will not avoid courts and law enforcement agencies. Police, Polish Border Guard and detention wards should expect inspections focusing on technical and organisational measures implemented in order to secure personal data for processing. In addition, UODO shall control schools and educational establishments (especially in the context of processing of personal data collected via surveillance cameras), employers (in the contexts of employee surveillance and recruitment process), healthcare providers (with regard to disclosing medical records, thus exercising the patients’ right to access the medical records concerning their health and healthcare services rendered to them).

The audits that the regulator plans to conduct in 2019 are motivated by numerous complaints and notifications filed with the UODO, regarding personal data protection laws infringement in the above mentioned areas of activity.

Although the Polish regulator has, so far, taken a rather lenient approach towards controllers (with no fines under GDPR having been imposed to date), 2019 is expected to be the year when this will change, and fines will ensue.

Detailed plan of sectoral controls for 2019 can be found on the UODO website.

© Copyright 2024 Squire Patton Boggs (US) LLP

Current Legal Analysis

More from Squire Patton Boggs (US) LLP

California Privacy Regulator Holds Townhall Sessions on Draft Rules
by: Alan L. Friel
Belgium – the Double or Triple Whammy of Employment Protection Indemnities
by: Marga Caproni
Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer
Subchapter V Debt Limit: Don’t Get Caught Assuming Congress Will Act (It Probably Will…But Still) (US)
by: Kelly E. Singer
FTC Bans Non-Competes Throughout the United States – Legal Challenges Already Filed (US)
by: Paul Erian
Workplace Harassment in Germany: Questions Over Compensation
by: Anna-Maria Hesse
When the EDPB is Weaponized, It Is Our Privacy That Is at Risk
by: Charles-Albert Helleputte
The Ohio Supreme Court Updates its Writing Manual
by: Appellate & Supreme Court Group Squire Patton Boggs
The General Code in Bite-Sized Chunks ­– Proportionality is the Special Ingredient
by: Matthew Giles
Relying on CAFA's Discretionary "Home-State" Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins