The Personal Data Protection Office’s Sectoral Inspection Plan for 2026

The security of personal data in the use of video surveillance in healthcare entities (particularly data relating to children), as well as the security of data on online delivery platforms, are among the areas in which inspections conducted by the Personal Data Protection Office will begin in 2026.

The inspection plan includes, among others, those areas in which personal data protection incidents were recorded over the past year, as well as those which – due in particular to complaints submitted to the Office and notified breaches – the President of the Personal Data Protection Office has deemed especially problematic.

Below is the sectoral inspection plan of the Personal Data Protection Office for 2026:

Authorities processing personal data in Large-Scale EU Systems, including the processing of SIS/VIS personal data on the basis of the Act of 24 August 2007 on the Participation of the Republic of Poland in the Schengen Information System and the Visa Information System (Journal of Laws of 2023, item 1355, as amended), implementing acts, and European Union regulations – continuation of inspections from 2025.

Healthcare entities – processing of personal data through the use of video surveillance, particularly data relating to children, including within paediatric hospital wards and children’s outpatient clinics.

Entities operating the Public Information Bulletin – the manner of processing personal data in connection with the obligation to maintain the Public Information Bulletin, particularly with regard to data anonymisation and the publication of recordings of municipal council sessions.

Marketing entities – particularly with respect to the legal bases for processing personal data for marketing purposes.

Online delivery platforms – processing of personal data in connection with the provision of intermediation services for the sale of goods and services via online applications.