The European Data Protection Board is speeding up its guidance work in response to the COVID-19 crisis. Its monthly plenary meetings are being replaced by weekly remote meetings with the Members of the Board.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 on Vis Consulting Sp. z o.o. in liquidation with the seat in Katowice, a company from telemarketing industry, for making it impossible to conduct inspection. Additionally, the company’s owner is subject to criminal liability for this.
The protection of personal data applies to all of us. That is why we invite students to cooperate - we want to work together!
─ The GDPR is not an obstacle to distance education during the Coronavirus pandemic, it gives the possibility for schools to reasonably implement appropriate distance education methods and techniques, while at the same time respecting the basic data protection rules – said Jan Nowak, the President of the Personal Data Protection Office (UODO).
Following an inspection performed at the Warsaw University of Life Sciences (SGGW) in connection with the data protection breach, the President of the Personal Data Protection Office (UODO) initiated administrative proceedings.
On 19 March 2020 the EDPB has adopted a statement on the processing of personal data in the context of the COVID-19 outbreak
The President of the Personal Data Protection Office received a personal data breach notification from ID Finance Poland Sp. z o.o. with the seat in Warsaw.
Global Privacy Assembly set up a dedicated space on its website containing the statements on coronavirus issued by particular data protection authorities.
Due to the prevention of the spread of the COVID-19 virus and for the sake of safety of both citizens and employees of the Office, we kindly inform that the Personal Data Protection Office remains closed for the public.
On 12 March 2020 the President of the Personal Data Protection Offices issued a statement on coronavirus.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.
Current challenges in educating children and young people on the subject of personal data protection and educational activities conducted by the Personal Data Protection Office in Poland were the theme of the meeting with school principals and teachers from the "#RODO in education" series, which took place on February 28, 2020 in Zamość.
By the judgment of 28th February 2020, the Voivodeship Administrative Court in Warsaw upheld the decision of the President of the Personal Data Protection Office imposing an administrative fine of PLN 55 750.50.
Healthcare facilities are sending questions to the Personal Data Protection Office which relate to the situations in which patients request the necessary access code for the execution of e-prescriptions via phone call. Healthcare facilities have doubts as to whether they can make such information available by telephone. These requests often result from the fact that the patient lost the access code, which was provided to him or her in the form of a printout.
Updates are an integral part of the IT world, and hence it is important to be aware that regular updating of anti-virus and firewall software, browsers, as well as other applications and entire operating systems that we use on a daily basis is one of the key conditions for ensuring the secure and stable work of our computer.
As part of the main events which were organised within the framework of the 14th Data Protection Day, an Open Day at UODO was held. Persons interested in the subject of personal data protection could benefit from legal advice provided by UODO experts. The debates were also organised. Michał Serzycki Awards for the third time were given to the people with educational achievements in the field of personal data protection.
The Data Protection Officer's Handbook is a set of guidelines for DPOs on how to ensure compliance with the General Data Protection Regulation (GDPR). The manual which was developed as part of the "T4DATA" project is also available in Polish.
The entity collecting entrepreneurs’ personal data from open records for the purpose of providing commercial services is obliged to fulfil the information obligation directly in relation to those persons - stated the Voivodeship Administrative Court in Warsaw in the case of Bisnode company and thus agreed with the decision of the President of the Personal Data Protection Office (UODO) with regard to imposing a fine on the above entity.
After one and a half year of operation of the Personal Data Protection Office, the structure of the Polish data protection authority will change.
Although the implementation of the project "T4DATA - Training Data Protection Authorities and Data Protection Officers" is coming to an end, its results will also be disseminated in 2020 by the project’s partners. This was the conclusion of their final meeting which took place on 14 and 15 November 2019 in Rome.
The comments should be sent to the European Data Protection Board by 16th of January 2020 at the latest.
The President of the Personal Data Protection Office imposed an administrative fine of over PLN 201,000 for, inter alia, obstructing the exercise of the right to withdraw consent to the processing of personal data.
The President of the Personal Data Protection Office (“The President of the Office”) imposed first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR. The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.
For two days the President of the Personal Data Protection Office hosted a high level delegation from the National Centre of Legislation and Legal Research of the Republic of Belarus, the House of Representatives of the National Assembly of the Republic of Belarus, the Operational and Analytical Centre under the President of the Republic of Belarus, the National Statistical Committee of the Republic of Belarus and the Ministry of Communications and Informatization of the Republic of Belarus.
We would like to kindly inform you that due to technical works, difficulties in contacting the Personal Data Protection Office might have occured in the period between October 11th and October 15th.
The Ministry of Family, Labor and Social Policy supports the position of the President of the Personal Data Protection Office (UODO) on conducting sobriety tests on employees.
The President of the Personal Data Protection Office imposed a fine in the amount of more than PLN 2,8 million on Morele.net.
The President of the Personal Data Protection Office initiated ex officio proceedings against PZU Pomoc (Assistance Service Company of PZU Insurance Company) responsible for the campaign "Holidays with PZU Safe Child".
According to the President of the Personal Data Protection Office (UODO), Art. 112b of the Banking Law Act does not allow banks to make photocopies and scans of clients' ID cards, e.g. to set up a bank account or to examine the customer's creditworthiness. In such situations, it is enough just to write down the data from ID card.
In connection with the suspicion of the infringement of the personal data processing, the President of the Personal Data Protection Office (UODO) initiated the ex officio proceedings against the Ministry of Justice and the National Council of the Judiciary (KRS).
The President of the Personal Data Protection Office (UODO) initiated two proceedings against the Chancellery of the Sejm (lower chamber of the Polish Parliament) based on a complaint by a natural person and ex officio in a case concerning the processing of judges’ personal data included in the list of judges supporting the candidates' application to the National Council of the Judiciary. Provisions in this case were issued on 29 July 2019.
It remains unclear to which documents and personal data collected under the “Blue Card” procedure victims of domestic violence and its perpetrators have access.
The partners’ fourth meeting was devoted to the summary of the done work within the framework of the "e-OpenSpace" project. It took place at the headquarters of the Personal Data Protection Office in Poland and was the last one that concerned the coordination of works on the project. The "e-OpenSpace" project will end in August 2019 after a two-year implementation period.
The European Data Protection Board welcomes comments on the Guidelines 3/2019 on processing of personal data through video devices.
The Personal Data Protection Office seeks to ensure that the PESEL – the national identification number - is not revealed in the electronic signature certificate or used as an identifier in digital services.
The Act on Public Documents, which comes into force, prohibits the making and trading of replicas e.g. of personal identity cards or driving licenses. According to the Personal Data Protection Office, not every copy of a public document will have the features of authenticity. Nevertheless, an entity that will copy for example an ID card may be responsible for processing too wide scope of personal data.
On 8 July 2019, the Communication of the President of the Personal Data Protection Office of 17 June 2019 concerning the list of the kind of processing operations which are subject to the requirement for a data protection impact assessment was announced in Monitor Polski.
In the current legal situation, employers cannot independently examine the sobriety of employees. This is determined by Art. 17 of the Act on Upbringing in Sobriety and Counteracting Alcoholism.
A few tips on how to take care of your personal data during the holidays and protect yourself against potential problems.
About 2 000 teachers and over 45 000 students from 335 educational institutions from all over the country took part in the 9th edition of the "Your Data - Your Concern" programme run by the Personal Data Protection Office. This school year 4 000 lessons were devoted to the protection of personal data and privacy as a part of the programme.
Registers of residents, video surveillance, Public Information Bulletin’s (BIP) resources and websites of offices – those are areas in which local government officials had problems while applying the General Data Protection Regulation (GDPR). Nevertheless, after one year of GDPR application, the balance for local self-government units is positive.
The 29th Edition of the Conference of European Data Protection Authorities, which took place on 8-10.05.2019 in Tbilisi, gathered representatives of Supervisory Authorities from the European Union and the Eastern Partnership Countries. This year’s edition of the Conference was organised by the Georgian Data Protection Authority.
The agreement delineates the principles, scope and form of cooperation between the President of the PDPO in Poland and the Data Protection Officer of Catholic Church
Ineffectual attempts to remedy a breach consisting in making public too broad of a scope of personal data are the main reason behind imposing a fine on the controller by the President of the UODO.
On March 27th, 2019, the Council of Europe issued a set of guidelines addressed to its 47 Member States. These principles aim at ensuring, both at legal level as well as in practice, a full compatibility of health-related data processing with human rights, especially with privacy and data protection.
The President of Personal Data Protection Office Dr. Edyta Bielak-Jomaa was awarded the title of ‘Personality of the Year 2019’.
In May and June this year, Personal Data Protection Office in cooperation with National Institute for Local Self-government will organize four local trainings entitled: "Changes in the protection of personal data in the light of the GDPR and the Act of 10 May 2018 on the Protection of Personal Data". The initiative is addressed to data protection officers as well as to the leading figures who perform this function in public administration.
The President of the Personal Data Protection Office (UODO) imposed the first fine in the amount of over PLN 943 000 for the failure to fulfil the information obligation.
The Bureau of the Committee of Convention 108 Committee is holding its 47th meeting in Paris, on 20-22 March 2019.
On March 15th the European Data Protection Board has published on its website the Opinion 5/2019 on the interplay between the ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector as amended by Directive 2006/24/EC and Directive 2009/136/EC) and the GDPR, in particular regarding the competence, tasks, and powers of data protection authorities.
On the 15th of March 2019 the European Data Protection Board (EDPB) has published on its website the Statement 2/2019 on the use of personal data in the course of political campaigns.
The European Parliament voted in favour of ratification of the Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention No. 108) by the Member States. Recommendation in this case was supported by 624 MEPs in a vote cast on the 12th of March with only 12 votes against its adoption.
On Wednesday, February 27th, during the TOP President Gala, the Business Institute (Instytut Biznesu) has recognized the most interesting, inspiring, and best managers of 2018. One of the prizes was awarded to Dr Edyta Bielak-Jomaa, the President of the Personal Data Protection Office (UODO).
On February 25th 2019 the European Data Protection Board (EDPB) has published on its website a statement on FATCA – the US Foreign Account Tax Compliance Act.
On October 11, 2018 partners of the T4DATA project gathered to discuss the next steps of the initiative. The main topic of the discussion were the local trainings and a series of webinars which are going to be presented in 2019 to the Data Protection Officers working in the public sector.
Electronic space - a platform for the exchange of information by data protection authorities as well as the electronic space accessible to all interested parties, was the main topic of the third partners’ meeting held in Italy. Further documents are created and partners implement the project goals on time.
The change in the approach to personal data management, the organization of activities in this area, the increasing use of rights which are guaranteed by the GDPR are just a few examples of benefits that result from the application of the new law.
In connection with high likelihood of the withdrawal of the United Kingdom from the European Union without concluding international agreement regulating this issue, the President of the Personal Data Protection Office explained at press briefing on 17 January 2019 what would be the consequences thereof for the Polish data controllers and processors. She also gave advice on how to prepare properly for this.
10 tips for data controllers - how to apply the GDPR - experience from the first half of the year.
After complaints, questions and incoming signals analysis, the Personal Data Protection Office prepared 10 tips for data controllers in order to help them to apply the GDPR rules on a daily basis.
10 tips on how to exercise the rights guaranteed by the GDPR - experience from the first half of the year.
Based on the experience of the first six months of the application of the GDPR, the Personal Data Protection Office prepared 10 tips on how to use the rights guaranteed by the Regulation.
The Personal Data Protection Office’s Poland wide educational programme ,,Your data – your concern…”, launched in 2009 each year gathers more and more institutions. Also this year we will try to meet the growing demand for knowledge on personal data protection at educational institutions, both among teachers and students. The Personal Data Protection Office provides educational materials and specialised training for schools that will apply for the participation in this initiative.
The co-organisers of the Conference were the President of the Personal Data Protection Office and the European Law Students’ Association ELSA Poznań. During the event, the representatives of the Adam Mickiewicz University in Poznań, the University of Groningen, the European Commission, as well as legal offices presented selected personal data protection issues in the new legal order implemented by the General Data Protection Regulation (GDPR) applied as of 25 May 2018.
T4DATA project: TRAINING DATA PROTECTION AUTHORITIES AND DATA PROTECTION OFFICERS
Dear Ladies and Gentlemen,
Today on 25 May 2018, we begin to apply the provisions of the EU General Data Protection Regulation, that is the GDPR. Thus the two-year’s long adjustment period, in which everyone obliged to apply its provisions should start acting in a way fully compliant with those provisions, terminates. This day is a perfect occasion to share with you some reflections on the future of the Polish personal data protection system.
Along with the beginning of application of the General Data Protection Regulation (GDPR) on 25 May 2018, the obligation to notify personal data filing systems to registration shall terminate. This means that from that date personal data filing notifications, notifications of changes in the personal data filing system and requests for striking off in the register do not have to be sent to the Inspector General for Personal Data Protection.
- Infoline (in Polish)
- 606-950-000
- Operates on weekdays from 10.00 a.m. – 2.00 p.m.
- Urząd Ochrony Danych Osobowych
- ul. Stawki 2, 00-193 Warszawa
- fax. 22 531 03 01
- kancelaria@uodo.gov.pl
- Working hours of the office: 8 a.m. – 4 p.m.