Personal Data Protection Office’s sectoral inspections plan for 2022
The Personal Data Protection Office will verify the processing of personal data by banks, as well as processors in the SIS and VIS systems. The entities processing data with the use of mobile applications may also be subject to inspection.
According to the annual inspections plan approved by the President of the Personal Data Protection Office, one of the points is to check the processes of securing and sharing personal data processed by processors in connection with the use of mobile applications.
Moreover, the Personal Data Protection Office will look into the processing of personal data of customers and potential customers of banks in terms of profiling. It will also check the ways in which credit applicants are informed about their creditworthiness assessment in connection with Article 70a of the Act Banking Law.
Additionally, the Personal Data Protection Office will verify the processing of personal data by the processors in the Schengen Information System and the Visa Information System.
The planned inspections are dictated by numerous signals (including complaints, questions and data breach notifications) pointing to the risks of violation of the provisions on personal data protection, as well as high social interest in such problems. Therefore, the President of the Personal Data Protection Office considered them as important from the point of view of tasks performed by the supervisory authority.
A detailed plan of the sectoral inspections of the Personal Data Protection Office for 2022 is available (in Polish) in the attachment below.