Is it possible to designate a legal entity to perform the DPO function?
No. There must always be a natural person designated to fulfill the function of the DPO. The provisions of the Act of 10 May 2018 on the Protection of Personal Data require that a controller and processor who have designated a DPO provide the DPO's first and last name and electronic mail address or phone number on their website, or if the controller does not run its own website, in a commonly available manner at the place of business (Article 11). The name of the DPO must also be indicated, while notifying the President of the Office of the designation of such a person (Article 10(1) of the Act on the Protection of Personal Data).
The DPO is the contact point for data subjects and the supervisory authority in accordance with Articles 38(4) and 39(1)(e) of the GDPR. Thus, both internally within the entity that is the controller and in the controller’s external relations, it must be clear to everyone who fulfills the function of the DPO.