The Personal Data Protection Office invites you to a scientific seminar entitled "Artificial Intelligence and Fundamental Rights". This online event will take place on September 20, 2021 at 9:00 am.
We invite schools and educational institutions to participate in the 12th edition of the UODO's educational program "Your data – Your concern". We encourage all interested parties to read the recruitment details and fill out the application form.
The President of the District Court did not secure the company data carrier, but only instructed his employees to do it themselves. Instead, it is the controller, and not the user of the carrier, who is responsible for implementing appropriate technical and organisational measures to ensure adequate data security. For lack of such measures the supervisory authority imposed on the President of the Court an administrative fine of PLN 10 000.
The Ombudsman for Children supports the cassation appeal of the President of the Personal Data Protection Office filed with the Supreme Administrative Court which regards the judgment of the Voivodeship Administrative Court in Warsaw, which allowed the processing of students’ biometric data by the Primary School in Gdańsk. The processing of these data took place while the meals were served to children.
The Warsaw University of Life Sciences has not implemented sufficient technical and organizational measures to ensure the security of personal data of applicants for studies - confirmed the Voivodeship Administrative Court in Warsaw in its judgment of May 13, 2021. The Voivodeship Administrative Court upheld the decision of the President of the Personal Data Protection Office imposing 50 000 PLN fine on the university.
Mediation Promotion and Legal Education Lex Nostra Foundation was punished with an administrative fine of over 13 000 PLN (3 000 EUR) for failing to notify the personal data breach to the supervisory authority without undue delay, and for failing to communicate the incident to the data subjects.
Scanning the iris of the eye as a means of identifying students during exams ‒ this is the topic which was faced by law and administration students in this year's 11th edition of the essay competition. Awards were presented to the winners of the competition on July 8, 2021.
The Personal Data Protection Office (UODO) has imposed an administrative fine on Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. in the amount of almost PLN 160 000 (EUR 35 000) for failing to notify a personal data protection breach. In addition, the company was fined for failing to communicate the breach to the data subject, which the supervisory authority also required it to do.
The implementation of the 11th edition of the nationwide educational program "Your data – Your concern" has come to an end. Despite the difficult time for all of us, which is still the COVID-19 pandemic, we managed to break new records.
The provisions of the Regulation of the Council of Ministers of May 6, 2021 on the establishment of certain restrictions, orders and prohibitions in connection with the occurrence of an epidemic state do not entitle entities obliged to comply with the limit of persons specified in these provisions to request from them disclosure of information on vaccination against COVID-19. Evidence confirming the fact of vaccination may be presented at the initiative of the person interested in using the services of such an entity.
The President of the Personal Data Protection Office has imposed an administrative fine of PLN 100,000 on P4 company for failing to notify the supervisory authority within 24 hours after having detected a personal data breach.
As soon as 27 June 2021, the European Commission's decision on standard contractual clauses between controllers and processors (to be used in data processing contracts) under Article 28(7) of Regulation 2016/679 will become effective.
Funeda Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with the Personal Data Protection Office (UODO) in the scope of performing the supervisory authority's tasks. Administrative fine of over PLN 22 000 (EUR 5 000) was imposed on the company.
The Personal Data Protection Office (UODO), stating that PNP SA with its registered office in Warsaw violated the provisions of the General Data Protection Regulation, imposed an administrative fine on the company in the amount of over PLN 22 000 (EUR 5 000).
The Personal Data Protection is organizing another online lecture on June 9th, 2021 at 10:00. The main topic of the meeting will be reporting personal data breaches. The UODO experts will present practical aspects of this issue, based on a case of data encryption with ransomware.
Cyfrowy Polsat S.A. did not implement appropriate technical and organizational measures in its cooperation with the courier company. This resulted in numerous breaches identified with a long delay. Because of this negligence the President of the UODO (the Personal Data Protection Office) imposed a fine on the company in the amount of over PLN 1.1 million.
The Voivodship Administrative Court (WSA) in Warsaw, in the justification of its judgment of 23 February 2021, fully shared the position and all arguments of the President of Personal Data Protection Office (UODO) expressed in the decision imposing a fine in the amount of PLN 100 000 on the Surveyor General of Poland (Główny Geodeta Kraju, GGK) for making the inspection impossible. The court was critical of both the GGK's actions in terms of cooperation with UODO and all its arguments presented in the complaint against the decision of the supervisory authority.
The President of the Personal Data Protection Office sent a letter to the authorities of the Facebook Poland. This is the result of numerous reports on the leakage of the Polish citizens’ personal data, users of the Facebook.com social network, which took place at the beginning of April 2021.
Over 43% of Poles are worried about falling victim to phishing scammers during a pandemic. Nearly 30% have already encountered such an attempt. At the same time more than 84% of us declare that they know how to take care of their safety. However, the boundaries between generations are clearly drawn. Young people are the best prepared to deal with criminals and much better than the elderly, deal with the verification of received messages. Such conclusions can be drawn from a study conducted by ChronPESEL.pl and the KRD Economic Information Bureau under the auspices of the Personal Data Protection Office.
The Personal Data Protection Office organized an on-line lecture for representatives of the education sector on April 28th, 2021. This time the main topic of the meeting was the processing of biometric data.
The events of recent days, regarding data security on social media, have shown that this aspect of using the Internet must be a priority for all its users.
During the 47th plenary meeting held on 30-31 March 2021 the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.
On April 30, from 10 a.m. to 4 p.m. CET, the European Data Protection Board (EDPB) is organising a remote stakeholder event on the topic "application of the GDPR to the processing of personal data for scientific research purposes”.
Security of personal data during distance learning ‒ this is the topic of an online lecture prepared by the UODO for teaching staff of various types of schools. The webinar took place on March 11, 2021, as part of the program initiated by the Education Office in Warsaw "React and Support. Coalition for creating a safe distance learning environment".
The President of the UODO imposed an administrative fine of over PLN 136 000 on ENEA S.A. company for failing to notify a personal data breach.
The President of UODO imposed a fine in the amount of over PLN 21 000 on Anwara Sp. Z o.o. company based in Warsaw, which, as the controller of personal data, did not meet the obligation of cooperation with the supervisory authority and did not provide any information it required for the performance of its tasks in the course of proceedings.
The Voivodeship Administrative Court (WSA) in Warsaw dismissed the Surveyor General of Poland’s (GGK) appeal against the decision of the President of UODO imposing an administrative fine in the amount of PLN 100 000 for the refusal to carry out an inspection.
The President of the UODO found the breach of GDPR and imposed an administrative fine in the amount of PLN 100 000 on KSSIP for failing to fulfil its obligations as a controller.
An administrative fine of more than PLN 85 000 imposed on an entrepreneur, conducting an economic activity in the field of health care, for the failure to comply with the order imposed on it in an administrative decision.
A fine of over PLN 12 000 was imposed on Smart Cities company from Warsaw for not cooperating with the UODO.
Barbara Grądkowska, Jen Persson and Maciej Gawroński joined the group of laureates of the ‘Michał Serzycki’ Data Protection Award. The winners were distinguished for their activities in the field of education about personal data protection.
Traditionally, on the occasion of the Data Protection Day, Jan Nowak, the President of the Personal Data Protection Office (UODO), sent an open letter addressed to both principals and teachers, as well as parents and students, to schools participating in the celebration of this special day.
On 14 January 2021 the EDPB and EDPS adopted joint opinions on two sets of standard contractual clauses (SCCs): one opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.
The President of the Personal Data Protection Office imposed a fine on the Medical University of Silesia for the lack of data breach notifications
At the end of January 2021, for the fourth time, the President of the Personal Data Protection Office will award the ‘Michał Serzycki’ Data Protection Award, which is awarded for activities concerning the protection of personal data.
The Personal Data Protection Office received a data breach notification from Telmedicin sp. z o.o., which is responsible for a telemedicine platform and remote consultations with physicians of various specialties. The case is currently being analyzed.
This is the topic of this year's conference, organized by the Personal Data Protection Office as part of the celebration of the 15th Data Protection Day. The online event will take place on January 28th and will be broadcasted via the UODO’s website.
The inability to quickly identify the threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data Protection Office (UODO) found that the company had not implemented appropriate technical and organizational measures, which resulted in a loss of confidentiality of the personal data principle, and imposed an administrative fine on the company in the amount of over PLN 1 million (EUR 250,000).
Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (WARTA S.A. Insurance and Reinsurance Company) infringed the provisions of the General Data Protection Regulation, because it did not notify a personal data breach to the President of the Personal Data Protection Office. The supervisory authority therefore imposed a fine on the company in the amount of PLN 85 588.
UODO imposed a fine of PLN 1.9 million on Virgin Mobile Polska for the lack of appropriate technical and organisational measures to ensure the security of the processed data.
The Personal Data Protection Office received a data breach notification at the University of Warsaw, which is currently being analyzed.
The President of the Personal Data Protection Office imposed a penalty of a reprimand for disclosure of the list of quarantined persons on the waste management company.
"Controller’s status in the public sector" is the title of a nationwide scientific conference that will be held on November 5, 2020 via the online platform. The event is organized by the Faculty of Law and Administration of the University of Lodz, under the honorary patronage of the President of the Personal Data Protection Office.
In connection with making public on Twitter the private addresses of pro-life activists, politicians and judges, the President of the Personal Data Protection Office took without delay steps to protect the personal data and privacy of these persons.
On 13-15 October 2020, the Global Privacy Assembly Closed Session – At your desk was held.
What are the personal data breaches in educational institutions? When and to whom does the school entrust the data? Why is it important to teach about data protection? These are only selected issues that were discussed during the online meeting for school coordinators of the UODO’s nationwide educational program "Your Data – Your Concern".
The online meeting for participants of the 11th edition of the nationwide educational program "Your Data – Your Concern" opens a series of events organized in connection with the implementation of the UODO’s program in the 2020/2021 school year.
Can I record online lessons? How to ensure the security of data processing of students, their parents and teachers? Which educational platforms to use? Which available services are safe?
The Personal Data Protection Office together with the Ministry of National Education invite you to a training course, which will take place on September 30, 2020, at 10.00 a.m.
The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), imposed a fine on this entity in the amount of PLN 50 000.
On 3 September 2020, the Voivodeship Administrative Court (WSA) in Warsaw issued a judgment on Morele.net’s appeal against the decision of the President of the UODO imposing an administrative fine. The WSA dismissed the appeal and considered that the decision on the fine imposed on the company was justified.
Infringement of the principle of lawfulness of personal data processing and making intentionally available without a legal basis on the GEOPORTAL2 (geoportal.gov.pl) of personal data in the form of land register numbers obtained from the land and property registers are the reason for imposing an administrative fine in the amount of PLN 100 000 on the Surveyor General of Poland (GGK).
The President of the Personal Data Protection Office (UODO) imposed a penalty of a reprimand for the processing of students’ personal data without legal basis in connection with survey carried out by a school in the school year 2019/2020. The survey entitled “Diagnosis of student’s home and school situation” examined personal situation of students.
Following the judgment of the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, the EDPB has adopted a ‘Frequently Asked Questions’ document to provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S. This document will be developed and complemented, along with further guidance, as the EDPB continues to examine and assess the judgment of the Court.
Jan Nowak, the President of the Personal Data Protection Office and Bartłomiej Chmielowiec, the Patient’s Rights Ombudsman, signed an agreement on mutual cooperation, the purpose of which is to support each other in the implementation of statutory tasks.
In its judgment in Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd. and Maximilian Schrems delivered on 16 July 2020, the Court of Justice confirmed the high standard of personal data protection with regard to the transfer of personal data to third countries.
The President of the Personal Data Protection Office (UODO), after having conducted an administrative proceeding instituted ex officio in the case of imposition of an administrative fine, imposed a fine in the amount of PLN 100 000 on the Surveyor General of Poland (Główny Geodeta Kraju, GGK).
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 5 000 on an individual entrepreneur running a non-public nursery and pre-school.
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 15 000 on East Power company from Jelenia Góra for failing to provide the supervisory authority with access to personal data and other information necessary for the performance of its tasks.
Two years after the application of the General Data Protection Regulation (GDPR), the European Commission published an evaluation report on its implementation. According to the authors of the report, the GDPR strengthens the position of the citizen by providing a number of rights related to the protection of personal data and creates a new European system for managing and enforcing these provisions.
Today, a mobile phone is not only used to talk and communicate, but also has many other functions. It serves entertainment, allows you to settle many matters of everyday life. Many people download seemingly free applications to their mobile phones that do not require any payment. Is this indeed the case?
What a school year it was! Maybe a selfie with a school certificate? Or maybe proud parents intend to show off their kids' high marks on their own social media profiles? Be careful, because it's a real treat for "lovers of other people's data."
Implementation of the 10th edition of the nationwide educational program "Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers" has come to an end. It was a unique, since the jubilee edition of the program. Many interesting projects and meetings were part of this edition. A lot of activities were going on!
In the 2019/2020 school year, schools and educational institutions participating in the 10th edition of the "Your data – Your concern" program have implemented 1 267 educational initiatives dedicated to the protection of personal data. Among them, there were activities which promoted the principles of secure use of personal data at and outside of school, especially in the virtual world. There were also undertakings addressed to teachers, parents and even seniors. School data protection officers have also actively supported many activities.
Creating personal e-mail addresses for teachers or students or recording the course of a lesson or teachers board in accordance with the principles of the GDPR - are the examples of questions that participants asked during online training entitled "Remote work and personal data protection - advice for teachers", which was organized on May 20, 2020 by the Personal Data Protection Office. The event was made possible thanks to the cooperation with the National eTwinning Office and took place as a part of the "Remote education with eTwinning" campaign.
New technologies have opened up completely new opportunities. Video conferencing and video calls are among the most popular ways of communication at the time of teleworking and online contacts with friends and family resulting from the current situation connected with reducing the spread of COVID-19.
In a situation where, for example a person's body temperature is measured, or data concerning his or her health is collected, and then this information is recorded, transmitted and collected, a special category of personal data will be processed.
In connection with repeated questions and doubts addressed to the supervisory authority regarding the collection of personal data of voters by the postal operator in order to organize the election of the President of the Republic of Poland, the President of the Personal Data Protection Office presents his position on the matter.
The President of the Personal Data Protection Office received from the State Poviat Sanitary Inspector in Gniezno (PPIS) an explanatory letter regarding the publication of personal data of persons who are in quarantine. The case is currently being examined by the UODO and any further actions of the Office will depend on its circumstances.
The President of the Personal Data Protection Office received a notification regarding a breach of personal data protection from the National School of Judiciary and Public Prosecution in Krakow. The case is currently being analyzed and complemented for additional materials and information that will explain all its circumstances.
During its 21st plenary meeting, the European Data Protection Board adopted a letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic.
The President of the Personal Data Protection Office has consistently taken the view that copying identity documents by the representatives of the institutions subject to the law must be preceded by an analysis of purposefulness, verification whether such an action is actually necessary. The practice varies, that is why the President of the UODO addressed the Chairman of the Polish Financial Supervision Authority (KNF) with a request to consider issuing by that regulator relevant recommendations on verifying the identity of clients.
The European Data Protection Board, during its 20th plenary meeting which was held on 7 April 2020, granted its expert subgroups specific mandates to develop guidance on data processing aspects relevant to the rights and freedoms of data subjects in connection with the COVID-19 outbreak.
The President of the UODO on the basis of the Art. 70 para. 1 and 2 of the Act of 10 May 2018 on the Protection of Personal Data obliged the Surveyor General of Poland to limit the processing of personal data regarding land register numbers, ordering to stop their publication on the GEOPORTAL2 website (geoportal.gov.pl) until the issuing of the administrative decision which will conclude the proceedings in this case. The basis for issuing the decision is the plausible demonstration of infringement of the data protection provisions and the threat of causing serious and hard-to-remove consequences.
The European Data Protection Board is speeding up its guidance work in response to the COVID-19 crisis. Its monthly plenary meetings are being replaced by weekly remote meetings with the Members of the Board.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 on Vis Consulting Sp. z o.o. in liquidation with the seat in Katowice, a company from telemarketing industry, for making it impossible to conduct inspection. Additionally, the company’s owner is subject to criminal liability for this.
─ The GDPR is not an obstacle to distance education during the Coronavirus pandemic, it gives the possibility for schools to reasonably implement appropriate distance education methods and techniques, while at the same time respecting the basic data protection rules – said Jan Nowak, the President of the Personal Data Protection Office (UODO).
Recently, the Personal Data Protection Office receives applications for a public key certificate for devices (VPN) and for a public key certificate for the operator on the card. The President of the UODO is not competent to consider such applications.
The Chief Sanitary Inspector’s (GIS) recommendations issued on the basis of the Special Act on preventing COVID-19 may constitute a legal basis for processing personal data. The President of the UODO recommends that GIS and the State Inspection authorities use the support of their data protection officers (DPO) and declares full readiness to cooperate in this regard.
Following an inspection performed at the Warsaw University of Life Sciences (SGGW) in connection with the data protection breach, the President of the Personal Data Protection Office (UODO) initiated administrative proceedings.
On 19 March 2020 the EDPB has adopted a statement on the processing of personal data in the context of the COVID-19 outbreak
The President of the Personal Data Protection Office received a personal data breach notification from ID Finance Poland Sp. z o.o. with the seat in Warsaw.
Global Privacy Assembly set up a dedicated space on its website containing the statements on coronavirus issued by particular data protection authorities.
The Chair of the European Data Protection Board (EDPB) extends by six weeks the currently conducted public consultations on guidelines.
Due to the prevention of the spread of the COVID-19 virus and for the sake of safety of both citizens and employees of the Office, we kindly inform that the Personal Data Protection Office remains closed for the public.
On 12 March 2020 the President of the Personal Data Protection Offices issued a statement on coronavirus.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.
Current challenges in educating children and young people on the subject of personal data protection and educational activities conducted by the Personal Data Protection Office in Poland were the theme of the meeting with school principals and teachers from the "#RODO in education" series, which took place on February 28, 2020 in Zamość.
By the judgment of 28th February 2020, the Voivodeship Administrative Court in Warsaw upheld the decision of the President of the Personal Data Protection Office imposing an administrative fine of PLN 55 750.50.
From 2nd March 2020 infoline staff will be available to all customers on one telephone number: 606-950-000. Our experts are available from Monday to Friday between 10.00-14.00.
Healthcare facilities are sending questions to the Personal Data Protection Office which relate to the situations in which patients request the necessary access code for the execution of e-prescriptions via phone call. Healthcare facilities have doubts as to whether they can make such information available by telephone. These requests often result from the fact that the patient lost the access code, which was provided to him or her in the form of a printout.
Updates are an integral part of the IT world, and hence it is important to be aware that regular updating of anti-virus and firewall software, browsers, as well as other applications and entire operating systems that we use on a daily basis is one of the key conditions for ensuring the secure and stable work of our computer.
As part of the main events which were organised within the framework of the 14th Data Protection Day, an Open Day at UODO was held. Persons interested in the subject of personal data protection could benefit from legal advice provided by UODO experts. The debates were also organised. Michał Serzycki Awards for the third time were given to the people with educational achievements in the field of personal data protection.
The Data Protection Officer's Handbook is a set of guidelines for DPOs on how to ensure compliance with the General Data Protection Regulation (GDPR). The manual which was developed as part of the "T4DATA" project is also available in Polish.
The entity collecting entrepreneurs’ personal data from open records for the purpose of providing commercial services is obliged to fulfil the information obligation directly in relation to those persons - stated the Voivodeship Administrative Court in Warsaw in the case of Bisnode company and thus agreed with the decision of the President of the Personal Data Protection Office (UODO) with regard to imposing a fine on the above entity.
After one and a half year of operation of the Personal Data Protection Office, the structure of the Polish data protection authority will change.
Although the implementation of the project "T4DATA - Training Data Protection Authorities and Data Protection Officers" is coming to an end, its results will also be disseminated in 2020 by the project’s partners. This was the conclusion of their final meeting which took place on 14 and 15 November 2019 in Rome.
The comments should be sent to the European Data Protection Board by 16th of January 2020 at the latest.
The President of the Personal Data Protection Office imposed an administrative fine of over PLN 201,000 for, inter alia, obstructing the exercise of the right to withdraw consent to the processing of personal data.
The President of the Personal Data Protection Office (“The President of the Office”) imposed first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR. The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.
For two days the President of the Personal Data Protection Office hosted a high level delegation from the National Centre of Legislation and Legal Research of the Republic of Belarus, the House of Representatives of the National Assembly of the Republic of Belarus, the Operational and Analytical Centre under the President of the Republic of Belarus, the National Statistical Committee of the Republic of Belarus and the Ministry of Communications and Informatization of the Republic of Belarus.
We would like to kindly inform you that due to technical works, difficulties in contacting the Personal Data Protection Office might have occured in the period between October 11th and October 15th.
The Ministry of Family, Labor and Social Policy supports the position of the President of the Personal Data Protection Office (UODO) on conducting sobriety tests on employees.
The President of the Personal Data Protection Office imposed a fine in the amount of more than PLN 2,8 million on Morele.net.
The President of the Personal Data Protection Office initiated ex officio proceedings against PZU Pomoc (Assistance Service Company of PZU Insurance Company) responsible for the campaign "Holidays with PZU Safe Child".
According to the President of the Personal Data Protection Office (UODO), Art. 112b of the Banking Law Act does not allow banks to make photocopies and scans of clients' ID cards, e.g. to set up a bank account or to examine the customer's creditworthiness. In such situations, it is enough just to write down the data from ID card.
In connection with the suspicion of the infringement of the personal data processing, the President of the Personal Data Protection Office (UODO) initiated the ex officio proceedings against the Ministry of Justice and the National Council of the Judiciary (KRS).
The President of the Personal Data Protection Office (UODO) initiated two proceedings against the Chancellery of the Sejm (lower chamber of the Polish Parliament) based on a complaint by a natural person and ex officio in a case concerning the processing of judges’ personal data included in the list of judges supporting the candidates' application to the National Council of the Judiciary. Provisions in this case were issued on 29 July 2019.
It remains unclear to which documents and personal data collected under the “Blue Card” procedure victims of domestic violence and its perpetrators have access.
The partners’ fourth meeting was devoted to the summary of the done work within the framework of the "e-OpenSpace" project. It took place at the headquarters of the Personal Data Protection Office in Poland and was the last one that concerned the coordination of works on the project. The "e-OpenSpace" project will end in August 2019 after a two-year implementation period.
The European Data Protection Board welcomes comments on the Guidelines 3/2019 on processing of personal data through video devices.
The Personal Data Protection Office seeks to ensure that the PESEL – the national identification number - is not revealed in the electronic signature certificate or used as an identifier in digital services.
The Act on Public Documents, which comes into force, prohibits the making and trading of replicas e.g. of personal identity cards or driving licenses. According to the Personal Data Protection Office, not every copy of a public document will have the features of authenticity. Nevertheless, an entity that will copy for example an ID card may be responsible for processing too wide scope of personal data.
On 8 July 2019, the Communication of the President of the Personal Data Protection Office of 17 June 2019 concerning the list of the kind of processing operations which are subject to the requirement for a data protection impact assessment was announced in Monitor Polski.
In the current legal situation, employers cannot independently examine the sobriety of employees. This is determined by Art. 17 of the Act on Upbringing in Sobriety and Counteracting Alcoholism.
A few tips on how to take care of your personal data during the holidays and protect yourself against potential problems.
About 2 000 teachers and over 45 000 students from 335 educational institutions from all over the country took part in the 9th edition of the "Your Data - Your Concern" programme run by the Personal Data Protection Office. This school year 4 000 lessons were devoted to the protection of personal data and privacy as a part of the programme.
Registers of residents, video surveillance, Public Information Bulletin’s (BIP) resources and websites of offices – those are areas in which local government officials had problems while applying the General Data Protection Regulation (GDPR). Nevertheless, after one year of GDPR application, the balance for local self-government units is positive.
The 29th Edition of the Conference of European Data Protection Authorities, which took place on 8-10.05.2019 in Tbilisi, gathered representatives of Supervisory Authorities from the European Union and the Eastern Partnership Countries. This year’s edition of the Conference was organised by the Georgian Data Protection Authority.
The agreement delineates the principles, scope and form of cooperation between the President of the PDPO in Poland and the Data Protection Officer of Catholic Church
Ineffectual attempts to remedy a breach consisting in making public too broad of a scope of personal data are the main reason behind imposing a fine on the controller by the President of the UODO.
On March 27th, 2019, the Council of Europe issued a set of guidelines addressed to its 47 Member States. These principles aim at ensuring, both at legal level as well as in practice, a full compatibility of health-related data processing with human rights, especially with privacy and data protection.
The President of Personal Data Protection Office Dr. Edyta Bielak-Jomaa was awarded the title of ‘Personality of the Year 2019’.
In May and June this year, Personal Data Protection Office in cooperation with National Institute for Local Self-government will organize four local trainings entitled: "Changes in the protection of personal data in the light of the GDPR and the Act of 10 May 2018 on the Protection of Personal Data". The initiative is addressed to data protection officers as well as to the leading figures who perform this function in public administration.
The President of the Personal Data Protection Office (UODO) imposed the first fine in the amount of over PLN 943 000 for the failure to fulfil the information obligation.
The Bureau of the Committee of Convention 108 Committee is holding its 47th meeting in Paris, on 20-22 March 2019.
On March 15th the European Data Protection Board has published on its website the Opinion 5/2019 on the interplay between the ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector as amended by Directive 2006/24/EC and Directive 2009/136/EC) and the GDPR, in particular regarding the competence, tasks, and powers of data protection authorities.
On the 15th of March 2019 the European Data Protection Board (EDPB) has published on its website the Statement 2/2019 on the use of personal data in the course of political campaigns.
The European Parliament voted in favour of ratification of the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention No. 108) by the Member States. Recommendation in this case was supported by 624 MEPs in a vote cast on the 12th of March with only 12 votes against its adoption.
On Wednesday, February 27th, during the TOP President Gala, the Business Institute (Instytut Biznesu) has recognized the most interesting, inspiring, and best managers of 2018. One of the prizes was awarded to Dr Edyta Bielak-Jomaa, the President of the Personal Data Protection Office (UODO).
On February 25th 2019 the European Data Protection Board (EDPB) has published on its website a statement on FATCA – the US Foreign Account Tax Compliance Act.
On October 11, 2018 partners of the T4DATA project gathered to discuss the next steps of the initiative. The main topic of the discussion were the local trainings and a series of webinars which are going to be presented in 2019 to the Data Protection Officers working in the public sector.
Electronic space - a platform for the exchange of information by data protection authorities as well as the electronic space accessible to all interested parties, was the main topic of the third partners’ meeting held in Italy. Further documents are created and partners implement the project goals on time.
The change in the approach to personal data management, the organization of activities in this area, the increasing use of rights which are guaranteed by the GDPR are just a few examples of benefits that result from the application of the new law.
In connection with high likelihood of the withdrawal of the United Kingdom from the European Union without concluding international agreement regulating this issue, the President of the Personal Data Protection Office explained at press briefing on 17 January 2019 what would be the consequences thereof for the Polish data controllers and processors. She also gave advice on how to prepare properly for this.
- Infoline (in Polish)
- 606-950-000
- Operates on weekdays from 10.00 a.m. – 2.00 p.m.
- Urząd Ochrony Danych Osobowych
- ul. Stawki 2, 00-193 Warszawa
- kancelaria@uodo.gov.pl
- Working hours of the office: 8 a.m. – 4 p.m.