We invite schools and educational institutions to participate in the thirteenth edition of the UODO educational programme "Your data - Your concern". Those wishing to do so are encouraged to read the recruitment details and fill in the application form.
The dynamic development of data processing requires ever faster supercomputers offering unprecedented computing power. Does such a solution pose a major threat to cyber security and fundamental human rights? This and other questions will be answered during the scientific conference 'Human beings in post-quantum reality' organised by the Personal Data Protection Office (UODO) in cooperation with the Chancellery of the Prime Minister, on 28th September 2022.
The Polish DPA invariably takes the view that copying of identity cards by financial institutions is legal only if undertaking of security measures to prevent money laundering and terrorist financing is necessary.
The UODO invites young people to take part in the 'Summer Academy for Personal Data Protection'. This is a series of webinars which are directed to young people and disseminate knowledge in the data protection field.
The Polish DPA imposed an administrative fine on the University Clinical Center of the Medical University of Warsaw. The reason for the decision was the failure to notify a personal data breach to the DPA and failure to communicate the personal data breach to the data subject.
The Voivodeship Administrative Court in Warsaw, in a ruling issued on July 1, 2022, dismissed Bank Millenium S.A.'s complaint against the Polish DPA’s decision imposing an administrative fine.
Following comments from UODO (hereinafter: Polish DPA), the provisions providing for the creation of a database of adult natural persons interested in purchasing solid fuel for their own household needs have been removed from the draft Act on special solutions to protect recipients of certain solid fuels in connection with the situation on the market for these fuels.
The Polish DPA has imposed another administrative fine of PLN 60,000.00 on the Surveyor General of Poland (GGK). The reason for this sanction was the failure to notify the personal data breach to the supervisory authority and to communicate it to the individuals whose personal data had been disclosed. The decision also orders to communicate the affected persons about the personal data breach.
Where does the biggest threat to personal data come from? How to react in case of a personal data leakage or a hacking attack, and how to react in case of phishing? A webinar organised by the Polish DPA on 12 July 2022 at 10.00 a.m. provided answers to these questions.
In September 2022, the Personal Data Protection Office is planning to hold a webinar on technical safeguards for processed personal data. We encourage you to ask questions on this topic, which will be answered during the event.
In June 2022, the implementation of the 12th edition of the nationwide educational program “Your data – Your concern” has ended. The past ten months have resulted in numerous undertakings and educational initiatives.
Every third Pole is afraid of personal data leakage. At the same time, less than half of us would know what to do in a such situation. And the biggest problems are faced by seniors, who do not have enough knowledge on who and how processes our personal data.
The Polish DPA found a violation of the provisions of GDPR by the Warsaw Centre for Intoxicated Persons. It consisted in recording and capturing sound (voice) in the surveillance system installed in the Centre. As it was proved in the administrative proceedings in this case, personal data was processed in this facility without a legal basis. As a result, the controller was fined with PLN 10 000.
“360 minutes on data protection, or personal data all round” is an educational initiative carried out by Primary School No. 360 from Warsaw, which was honoured with a special "Golden Pen" statuette and at the same time won the first place in the UODO President's competition for schools.
The Polish Data Protection Authority imposed an administrative fine of almost PLN 16 000 on Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. The reason for this decision was the failure to notify the Polish DPA of personal data breach consisting in the loss of an employee's work certificate.
A working group, consisting of Dutch, French, Lithuanian and Polish SAs and supported by the European Data Protection Board (EDPB), has looked into a series of complaints concerning potential infringements of the General Data Protection Regulation by Vinted UAB, the operator of the clothes sales website Vinted.com.
A child has the right to privacy and to protection of personal rights, therefore it is worth encouraging them to learn more about personal data protection. And as the experience of the “Your data – Your concern” programme shows, students also have good ideas on how to educate, for example, senior citizens about data protection.
90% of Poles declare that they know how to ensure the security of their personal data. Young people feel most confident. However, despite the conviction of their knowledge, they are the group that most often makes mistakes such as publishing photos of their documents on the Internet or sharing logins and passwords with third parties. That is the conclusion from the research conducted by the ChronPESEL.pl portal and the National Debt Register under the patronage of the Personal Data Protection Office.
The EDPB adopted the Guidelines on the calculation of administrative fines. Furthermore, the Board presented the Guidelines on the use of facial recognition technology in the area of law enforcement. Both documents, adopted on May 12th 2022, during the 65th plenary meeting, will now submitted for public consultation.
At the 64th plenary meeting, the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) published a Joint Opinion on the proposed Data Act.
We already know the laureates of this year's competitions for schools and students taking part in the 12th edition of the “Your data – Your concern” educational programme. The winning entries included advice for seniors in the form of podcasts, as well as lesson plans and games.
The EDPB members, at the meeting that took place on 27–28 of April 2022, have agreed to further enhance cooperation on strategic cases and to diversify the range of cooperation methods used.
The Day of New Technologies in Education will be held for the fourth time. It is an initiative of the Ministry of Education and Science, organised together with education superintendents, which aims to promote information and communication technologies used in work with students at school and outside school. The Personal Data Protection Office joins this event, which will be launched on April 29, 2022.
The fact that the controller limits itself to training the employees and omits the application of technical safeguards cannot be regarded as the implementation of appropriate technical or organisational measures. This is what the Voivodeship Administrative Court in Warsaw (WSA) stated, dismissing the complaint filed by the President of the District Court in Zgierz against the decision of the Polish Data Protection Authority.
The National School of Judiciary and Public Prosecution (KSSIP) did not apply adequate technical and organisational measures to ensure the security of data processing, the Voivodeship Administrative Court in Warsaw (WSA) confirmed.
A representative of the Personal Data Protection Office took part in the Data Protection Officers Forum organised by the Wielkopolska Centre for Local Government Education and Studies, which took place on 31 March 2022.
Since the beginning of the application of the GDPR, the Polish Data Protection Authority (Polish DPA), both in the course of its proceedings and in response to cases of non-compliance with the provisions concerning data protection officers (DPO) reported to it, has taken actions resulting from its powers set out in Article 58 of the GDPR. The supervisory authority's experience to date in this regard has been used to formulate a list of issues to which - together with the presentation of relevant evidence - the requested controllers and processors will have to refer.
Personal data protection, the right to privacy and the right to security are human rights that should accompany each of us, even in the most dramatic situations. Therefore, the Personal Data Protection Office (UODO) is closely monitoring the situation of refugees from Ukraine.
The President of the Personal Data Protection Office was pleased to learn that the Commissioner for Human Rights (CHR) had drawn attention to the problem of the disclosure of land and mortgage register numbers, which leads to the acquisition of much of the personal data contained in the registers.
"Consumers include us all" is the slogan for this year's World Consumer Rights Day, which falls on 15 March. Refugees from Ukraine are also consumers. It is with them in mind that the Personal Data Protection Office, together with the Office of Competition and Consumer Protection and other institutions, prepared useful information that will make shopping, travelling and using services in Poland easier.
The President of the Personal Data Protection Office invites students of schools participating in the 12th edition of the "Your data – your concern" program to take part in the competition entitled "Personal Data Protection on a Daily Basis". The task is to prepare a voice recording addressed to seniors on the principles of personal data protection. Additionally, in a separate competition, we will select the best educational initiative implemented in the current edition of the program.
An administrative fine of over PLN 4.9 million has been imposed on Fortum Marketing and Sales Polska S.A. for failing to implement appropriate technical and organisational measures to ensure personal data security and failing to verify the processor. In turn, the processor received a fine of PLN 250,000.00.
The President of the Personal Data Protection Office sent a letter to Ludmila Denisova, Ukrainian Parliament Commissioner for Human Rights, strongly condemning the unprecedented armed attack on Ukraine.
The supervisory authority imposed an administrative fine of over PLN 545,000 (EUR 120,000) on Santander Bank Polska S. A. The reason for this decision was that the Bank breached the provisions of the GDPR by failing to communicate the incident to the data subjects without undue delay. Thus, the Polish DPA ordered to communicate the situation and potential consequences related to it to these persons.
Failure to cooperate with the Polish Data Protection Authority by not providing access to personal data and other information necessary for the performance of its tasks resulted in an administrative fine imposed on Pactum Poland Sp. z o.o. The amount of over PLN 18 000 has already been paid.
New technologies are everywhere and are essential in today's world. However, it should be remembered that they bring not only the opportunity for development and other positive aspects, such as access to sources of knowledge, entertainment or social communication in real time, but also many risks.
How to prepare interesting classes with students of different ages on the key principles of personal data protection? Answers to this question were provided by the workshop for teachers organized by the Personal Data Protection Office. The meeting, which took place on January 31, 2022, was an event accompanying the conference "Personal Data Protection on a Daily Basis", which was organized as part of the 16th Data Protection Day.
This year the ‘Michal Serzycki’ Data Protection Award was awarded to Małgorzata Margulska-Haczyk and Xawery Konarski.
Some students, e.g. from the Commune Primary School (Gminna Szkoła Podstawowa) in Oława, will set off on an expedition "In the search for digital traces". Others, e.g. senior pupils of MIKRON in Łódź, will learn to explain in English how to protect personal data on the phone or on social media during English classes, using typical data protection vocabulary in this language for this purpose.
‒ Let education on the protection of privacy and safe processing of personal data be a permanent element of the everyday education process and a solid foundation for activities undertaken in educational institutions ‒ emphasised Jan Nowak, the President of the Personal Data Protection Office, in an open letter addressed to the participants of the 12th edition of the "Your data ‒ Your concern" educational program.
The Personal Data Protection Office will verify the processing of personal data by banks, as well as processors in the SIS and VIS systems. The entities processing data with the use of mobile applications may also be subject to inspection.
In the opinion of the Personal Data Protection Office, the position taken in the judgment of the Voivodeship Administrative Court (WSA) in Warsaw on the processing of personal data of a bank customer undermines the independence and autonomy of the supervisory authority.
Warsaw University of Technology was fined PLN 45,000 (approximately EUR 9,900), among other things, for not implementing the appropriate technical and organizational measures to ensure the ability for constant assurance of the confidentiality of processing services, also for the lack of regular testing, assessing and evaluating the effectiveness of measures. The University did not take into consideration the risk related to the processing of data within the application.
The Personal Data Protection Office informs that on January 28, 2022, the Data Protection Day will be organized for the sixteenth time. The topic of this year's event is "Personal Data Protection on a Daily Basis". The event will be held on-line.
The 21st Meeting of the Central and Eastern Europe Data Protection Authorities (CEEDPA) was held on December 16-17, 2021. The host of this year's event was the Polish supervisory authority – the Personal Data Protection Office.
On December 16, 2021 the European Data Protection Board has published the following statement.
"New Technologies in Medical Data Processing" is the title of a scientific conference organized by the Personal Data Protection Office. The event will be held online on Monday, November 29, 2021 at 10:00 am.
Given that they have received a significant number of complaints concerning the online clothing sales website vinted.com, operated by the Lithuanian company Vinted UAB, the supervisory authorities from France, Lithuania and Poland have entered into cooperation to investigate compliance of this website with GDPR. The supervisory authorities have jointly established a working group, facilitated by the EDPB, which held its first meeting on 8 November.
The obligation to communicate personal data breach to the data subject does not depend on the occurrence of adverse effects for such a person, but on the mere possibility of its occurring — stressed the supervisory authority in the decision imposing on Bank Millennium S.A. a fine of over 363 000 PLN (80 000 EUR).
Personal data protection at school, the principles of implementation and the schedule of the 12th edition of the nationwide educational programme "Your data – Your concern" as well as the presentation of interesting educational initiatives – these are the most important issues discussed during the online training for coordinators of the 12th edition of the programme.
With the conference in the series „RODO w edukacji” ("#GDPR in education"), which will take place on October 12, 2021 in Kutno, the Personal Data Protection Office will inaugurate the twelfth edition of the nationwide educational programme "Your data – Your concern".
The Personal Data Protection Office invites you to a scientific seminar entitled "Artificial Intelligence and Fundamental Rights". This online event will take place on September 20, 2021 at 9:00 am.
We invite schools and educational institutions to participate in the 12th edition of the UODO's educational program "Your data – Your concern". We encourage all interested parties to read the recruitment details and fill out the application form.
The President of the District Court did not secure the company data carrier, but only instructed his employees to do it themselves. Instead, it is the controller, and not the user of the carrier, who is responsible for implementing appropriate technical and organisational measures to ensure adequate data security. For lack of such measures the supervisory authority imposed on the President of the Court an administrative fine of PLN 10 000.
The Ombudsman for Children supports the cassation appeal of the President of the Personal Data Protection Office filed with the Supreme Administrative Court which regards the judgment of the Voivodeship Administrative Court in Warsaw, which allowed the processing of students’ biometric data by the Primary School in Gdańsk. The processing of these data took place while the meals were served to children.
The Warsaw University of Life Sciences has not implemented sufficient technical and organizational measures to ensure the security of personal data of applicants for studies - confirmed the Voivodeship Administrative Court in Warsaw in its judgment of May 13, 2021. The Voivodeship Administrative Court upheld the decision of the President of the Personal Data Protection Office imposing 50 000 PLN fine on the university.
Mediation Promotion and Legal Education Lex Nostra Foundation was punished with an administrative fine of over 13 000 PLN (3 000 EUR) for failing to notify the personal data breach to the supervisory authority without undue delay, and for failing to communicate the incident to the data subjects.
Scanning the iris of the eye as a means of identifying students during exams ‒ this is the topic which was faced by law and administration students in this year's 11th edition of the essay competition. Awards were presented to the winners of the competition on July 8, 2021.
The Personal Data Protection Office (UODO) has imposed an administrative fine on Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. in the amount of almost PLN 160 000 (EUR 35 000) for failing to notify a personal data protection breach. In addition, the company was fined for failing to communicate the breach to the data subject, which the supervisory authority also required it to do.
The implementation of the 11th edition of the nationwide educational program "Your data – Your concern" has come to an end. Despite the difficult time for all of us, which is still the COVID-19 pandemic, we managed to break new records.
The provisions of the Regulation of the Council of Ministers of May 6, 2021 on the establishment of certain restrictions, orders and prohibitions in connection with the occurrence of an epidemic state do not entitle entities obliged to comply with the limit of persons specified in these provisions to request from them disclosure of information on vaccination against COVID-19. Evidence confirming the fact of vaccination may be presented at the initiative of the person interested in using the services of such an entity.
The President of the Personal Data Protection Office has imposed an administrative fine of PLN 100,000 on P4 company for failing to notify the supervisory authority within 24 hours after having detected a personal data breach.
As soon as 27 June 2021, the European Commission's decision on standard contractual clauses between controllers and processors (to be used in data processing contracts) under Article 28(7) of Regulation 2016/679 will become effective.
Funeda Sp. z o.o. company breached the provisions of the General Data Protection Regulation (GDPR) by not cooperating with the Personal Data Protection Office (UODO) in the scope of performing the supervisory authority's tasks. Administrative fine of over PLN 22 000 (EUR 5 000) was imposed on the company.
The Personal Data Protection Office (UODO), stating that PNP SA with its registered office in Warsaw violated the provisions of the General Data Protection Regulation, imposed an administrative fine on the company in the amount of over PLN 22 000 (EUR 5 000).
The Personal Data Protection is organizing another online lecture on June 9th, 2021 at 10:00. The main topic of the meeting will be reporting personal data breaches. The UODO experts will present practical aspects of this issue, based on a case of data encryption with ransomware.
Cyfrowy Polsat S.A. did not implement appropriate technical and organizational measures in its cooperation with the courier company. This resulted in numerous breaches identified with a long delay. Because of this negligence the President of the UODO (the Personal Data Protection Office) imposed a fine on the company in the amount of over PLN 1.1 million.
The Voivodship Administrative Court (WSA) in Warsaw, in the justification of its judgment of 23 February 2021, fully shared the position and all arguments of the President of Personal Data Protection Office (UODO) expressed in the decision imposing a fine in the amount of PLN 100 000 on the Surveyor General of Poland (Główny Geodeta Kraju, GGK) for making the inspection impossible. The court was critical of both the GGK's actions in terms of cooperation with UODO and all its arguments presented in the complaint against the decision of the supervisory authority.
The President of the Personal Data Protection Office sent a letter to the authorities of the Facebook Poland. This is the result of numerous reports on the leakage of the Polish citizens’ personal data, users of the Facebook.com social network, which took place at the beginning of April 2021.
Over 43% of Poles are worried about falling victim to phishing scammers during a pandemic. Nearly 30% have already encountered such an attempt. At the same time more than 84% of us declare that they know how to take care of their safety. However, the boundaries between generations are clearly drawn. Young people are the best prepared to deal with criminals and much better than the elderly, deal with the verification of received messages. Such conclusions can be drawn from a study conducted by ChronPESEL.pl and the KRD Economic Information Bureau under the auspices of the Personal Data Protection Office.
The Personal Data Protection Office organized an on-line lecture for representatives of the education sector on April 28th, 2021. This time the main topic of the meeting was the processing of biometric data.
The events of recent days, regarding data security on social media, have shown that this aspect of using the Internet must be a priority for all its users.
During the 47th plenary meeting held on 30-31 March 2021 the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.
On April 30, from 10 a.m. to 4 p.m. CET, the European Data Protection Board (EDPB) is organising a remote stakeholder event on the topic "application of the GDPR to the processing of personal data for scientific research purposes”.
Security of personal data during distance learning ‒ this is the topic of an online lecture prepared by the UODO for teaching staff of various types of schools. The webinar took place on March 11, 2021, as part of the program initiated by the Education Office in Warsaw "React and Support. Coalition for creating a safe distance learning environment".
The President of the UODO imposed an administrative fine of over PLN 136 000 on ENEA S.A. company for failing to notify a personal data breach.
The President of UODO imposed a fine in the amount of over PLN 21 000 on Anwara Sp. Z o.o. company based in Warsaw, which, as the controller of personal data, did not meet the obligation of cooperation with the supervisory authority and did not provide any information it required for the performance of its tasks in the course of proceedings.
The Voivodeship Administrative Court (WSA) in Warsaw dismissed the Surveyor General of Poland’s (GGK) appeal against the decision of the President of UODO imposing an administrative fine in the amount of PLN 100 000 for the refusal to carry out an inspection.
The President of the UODO found the breach of GDPR and imposed an administrative fine in the amount of PLN 100 000 on KSSIP for failing to fulfil its obligations as a controller.
An administrative fine of more than PLN 85 000 imposed on an entrepreneur, conducting an economic activity in the field of health care, for the failure to comply with the order imposed on it in an administrative decision.
A fine of over PLN 12 000 was imposed on Smart Cities company from Warsaw for not cooperating with the UODO.
Barbara Grądkowska, Jen Persson and Maciej Gawroński joined the group of laureates of the ‘Michał Serzycki’ Data Protection Award. The winners were distinguished for their activities in the field of education about personal data protection.
Traditionally, on the occasion of the Data Protection Day, Jan Nowak, the President of the Personal Data Protection Office (UODO), sent an open letter addressed to both principals and teachers, as well as parents and students, to schools participating in the celebration of this special day.
On 14 January 2021 the EDPB and EDPS adopted joint opinions on two sets of standard contractual clauses (SCCs): one opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.
The President of the Personal Data Protection Office imposed a fine on the Medical University of Silesia for the lack of data breach notifications
At the end of January 2021, for the fourth time, the President of the Personal Data Protection Office will award the ‘Michał Serzycki’ Data Protection Award, which is awarded for activities concerning the protection of personal data.
The Personal Data Protection Office received a data breach notification from Telmedicin sp. z o.o., which is responsible for a telemedicine platform and remote consultations with physicians of various specialties. The case is currently being analyzed.
This is the topic of this year's conference, organized by the Personal Data Protection Office as part of the celebration of the 15th Data Protection Day. The online event will take place on January 28th and will be broadcasted via the UODO’s website.
The inability to quickly identify the threat and remove it led the company ID Finance Poland to data loss. Therefore, the President of the Personal Data Protection Office (UODO) found that the company had not implemented appropriate technical and organizational measures, which resulted in a loss of confidentiality of the personal data principle, and imposed an administrative fine on the company in the amount of over PLN 1 million (EUR 250,000).
Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (WARTA S.A. Insurance and Reinsurance Company) infringed the provisions of the General Data Protection Regulation, because it did not notify a personal data breach to the President of the Personal Data Protection Office. The supervisory authority therefore imposed a fine on the company in the amount of PLN 85 588.
UODO imposed a fine of PLN 1.9 million on Virgin Mobile Polska for the lack of appropriate technical and organisational measures to ensure the security of the processed data.
The Personal Data Protection Office received a data breach notification at the University of Warsaw, which is currently being analyzed.
The President of the Personal Data Protection Office imposed a penalty of a reprimand for disclosure of the list of quarantined persons on the waste management company.
"Controller’s status in the public sector" is the title of a nationwide scientific conference that will be held on November 5, 2020 via the online platform. The event is organized by the Faculty of Law and Administration of the University of Lodz, under the honorary patronage of the President of the Personal Data Protection Office.
In connection with making public on Twitter the private addresses of pro-life activists, politicians and judges, the President of the Personal Data Protection Office took without delay steps to protect the personal data and privacy of these persons.
On 13-15 October 2020, the Global Privacy Assembly Closed Session – At your desk was held.
What are the personal data breaches in educational institutions? When and to whom does the school entrust the data? Why is it important to teach about data protection? These are only selected issues that were discussed during the online meeting for school coordinators of the UODO’s nationwide educational program "Your Data – Your Concern".
The online meeting for participants of the 11th edition of the nationwide educational program "Your Data – Your Concern" opens a series of events organized in connection with the implementation of the UODO’s program in the 2020/2021 school year.
Can I record online lessons? How to ensure the security of data processing of students, their parents and teachers? Which educational platforms to use? Which available services are safe?
The Personal Data Protection Office together with the Ministry of National Education invite you to a training course, which will take place on September 30, 2020, at 10.00 a.m.
The President of the Personal Data Protection Office, after having found a personal data breach by the Warsaw University of Life Sciences (SGGW), imposed a fine on this entity in the amount of PLN 50 000.
On 3 September 2020, the Voivodeship Administrative Court (WSA) in Warsaw issued a judgment on Morele.net’s appeal against the decision of the President of the UODO imposing an administrative fine. The WSA dismissed the appeal and considered that the decision on the fine imposed on the company was justified.
Infringement of the principle of lawfulness of personal data processing and making intentionally available without a legal basis on the GEOPORTAL2 (geoportal.gov.pl) of personal data in the form of land register numbers obtained from the land and property registers are the reason for imposing an administrative fine in the amount of PLN 100 000 on the Surveyor General of Poland (GGK).
The President of the Personal Data Protection Office (UODO) imposed a penalty of a reprimand for the processing of students’ personal data without legal basis in connection with survey carried out by a school in the school year 2019/2020. The survey entitled “Diagnosis of student’s home and school situation” examined personal situation of students.
Following the judgment of the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, the EDPB has adopted a ‘Frequently Asked Questions’ document to provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S. This document will be developed and complemented, along with further guidance, as the EDPB continues to examine and assess the judgment of the Court.
Jan Nowak, the President of the Personal Data Protection Office and Bartłomiej Chmielowiec, the Patient’s Rights Ombudsman, signed an agreement on mutual cooperation, the purpose of which is to support each other in the implementation of statutory tasks.
In its judgment in Case C-311/18 Data Protection Commissioner v Facebook Ireland Ltd. and Maximilian Schrems delivered on 16 July 2020, the Court of Justice confirmed the high standard of personal data protection with regard to the transfer of personal data to third countries.
The President of the Personal Data Protection Office (UODO), after having conducted an administrative proceeding instituted ex officio in the case of imposition of an administrative fine, imposed a fine in the amount of PLN 100 000 on the Surveyor General of Poland (Główny Geodeta Kraju, GGK).
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 5 000 on an individual entrepreneur running a non-public nursery and pre-school.
The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 15 000 on East Power company from Jelenia Góra for failing to provide the supervisory authority with access to personal data and other information necessary for the performance of its tasks.
Two years after the application of the General Data Protection Regulation (GDPR), the European Commission published an evaluation report on its implementation. According to the authors of the report, the GDPR strengthens the position of the citizen by providing a number of rights related to the protection of personal data and creates a new European system for managing and enforcing these provisions.
Today, a mobile phone is not only used to talk and communicate, but also has many other functions. It serves entertainment, allows you to settle many matters of everyday life. Many people download seemingly free applications to their mobile phones that do not require any payment. Is this indeed the case?
What a school year it was! Maybe a selfie with a school certificate? Or maybe proud parents intend to show off their kids' high marks on their own social media profiles? Be careful, because it's a real treat for "lovers of other people's data."
Implementation of the 10th edition of the nationwide educational program "Your data – Your concern. Effective protection of personal data. Educational activity addressed to students and teachers" has come to an end. It was a unique, since the jubilee edition of the program. Many interesting projects and meetings were part of this edition. A lot of activities were going on!
In the 2019/2020 school year, schools and educational institutions participating in the 10th edition of the "Your data – Your concern" program have implemented 1 267 educational initiatives dedicated to the protection of personal data. Among them, there were activities which promoted the principles of secure use of personal data at and outside of school, especially in the virtual world. There were also undertakings addressed to teachers, parents and even seniors. School data protection officers have also actively supported many activities.
Creating personal e-mail addresses for teachers or students or recording the course of a lesson or teachers board in accordance with the principles of the GDPR - are the examples of questions that participants asked during online training entitled "Remote work and personal data protection - advice for teachers", which was organized on May 20, 2020 by the Personal Data Protection Office. The event was made possible thanks to the cooperation with the National eTwinning Office and took place as a part of the "Remote education with eTwinning" campaign.
New technologies have opened up completely new opportunities. Video conferencing and video calls are among the most popular ways of communication at the time of teleworking and online contacts with friends and family resulting from the current situation connected with reducing the spread of COVID-19.
In a situation where, for example a person's body temperature is measured, or data concerning his or her health is collected, and then this information is recorded, transmitted and collected, a special category of personal data will be processed.
In connection with repeated questions and doubts addressed to the supervisory authority regarding the collection of personal data of voters by the postal operator in order to organize the election of the President of the Republic of Poland, the President of the Personal Data Protection Office presents his position on the matter.
The President of the Personal Data Protection Office received from the State Poviat Sanitary Inspector in Gniezno (PPIS) an explanatory letter regarding the publication of personal data of persons who are in quarantine. The case is currently being examined by the UODO and any further actions of the Office will depend on its circumstances.
The President of the Personal Data Protection Office received a notification regarding a breach of personal data protection from the National School of Judiciary and Public Prosecution in Krakow. The case is currently being analyzed and complemented for additional materials and information that will explain all its circumstances.
During its 21st plenary meeting, the European Data Protection Board adopted a letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic.
The President of the Personal Data Protection Office has consistently taken the view that copying identity documents by the representatives of the institutions subject to the law must be preceded by an analysis of purposefulness, verification whether such an action is actually necessary. The practice varies, that is why the President of the UODO addressed the Chairman of the Polish Financial Supervision Authority (KNF) with a request to consider issuing by that regulator relevant recommendations on verifying the identity of clients.
The European Data Protection Board, during its 20th plenary meeting which was held on 7 April 2020, granted its expert subgroups specific mandates to develop guidance on data processing aspects relevant to the rights and freedoms of data subjects in connection with the COVID-19 outbreak.
The President of the UODO on the basis of the Art. 70 para. 1 and 2 of the Act of 10 May 2018 on the Protection of Personal Data obliged the Surveyor General of Poland to limit the processing of personal data regarding land register numbers, ordering to stop their publication on the GEOPORTAL2 website (geoportal.gov.pl) until the issuing of the administrative decision which will conclude the proceedings in this case. The basis for issuing the decision is the plausible demonstration of infringement of the data protection provisions and the threat of causing serious and hard-to-remove consequences.
The European Data Protection Board is speeding up its guidance work in response to the COVID-19 crisis. Its monthly plenary meetings are being replaced by weekly remote meetings with the Members of the Board.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 on Vis Consulting Sp. z o.o. in liquidation with the seat in Katowice, a company from telemarketing industry, for making it impossible to conduct inspection. Additionally, the company’s owner is subject to criminal liability for this.
─ The GDPR is not an obstacle to distance education during the Coronavirus pandemic, it gives the possibility for schools to reasonably implement appropriate distance education methods and techniques, while at the same time respecting the basic data protection rules – said Jan Nowak, the President of the Personal Data Protection Office (UODO).
Recently, the Personal Data Protection Office receives applications for a public key certificate for devices (VPN) and for a public key certificate for the operator on the card. The President of the UODO is not competent to consider such applications.
The Chief Sanitary Inspector’s (GIS) recommendations issued on the basis of the Special Act on preventing COVID-19 may constitute a legal basis for processing personal data. The President of the UODO recommends that GIS and the State Inspection authorities use the support of their data protection officers (DPO) and declares full readiness to cooperate in this regard.
Following an inspection performed at the Warsaw University of Life Sciences (SGGW) in connection with the data protection breach, the President of the Personal Data Protection Office (UODO) initiated administrative proceedings.
On 19 March 2020 the EDPB has adopted a statement on the processing of personal data in the context of the COVID-19 outbreak
The President of the Personal Data Protection Office received a personal data breach notification from ID Finance Poland Sp. z o.o. with the seat in Warsaw.
Global Privacy Assembly set up a dedicated space on its website containing the statements on coronavirus issued by particular data protection authorities.
The Chair of the European Data Protection Board (EDPB) extends by six weeks the currently conducted public consultations on guidelines.
Due to the prevention of the spread of the COVID-19 virus and for the sake of safety of both citizens and employees of the Office, we kindly inform that the Personal Data Protection Office remains closed for the public.
On 12 March 2020 the President of the Personal Data Protection Offices issued a statement on coronavirus.
The President of the Personal Data Protection Office imposed a fine of PLN 20 000 in connection with the breach consisting in the processing of biometric data of children when using the school canteen.
Current challenges in educating children and young people on the subject of personal data protection and educational activities conducted by the Personal Data Protection Office in Poland were the theme of the meeting with school principals and teachers from the "#RODO in education" series, which took place on February 28, 2020 in Zamość.
By the judgment of 28th February 2020, the Voivodeship Administrative Court in Warsaw upheld the decision of the President of the Personal Data Protection Office imposing an administrative fine of PLN 55 750.50.
From 2nd March 2020 infoline staff will be available to all customers on one telephone number: 606-950-000. Our experts are available from Monday to Friday between 10.00-14.00.
Healthcare facilities are sending questions to the Personal Data Protection Office which relate to the situations in which patients request the necessary access code for the execution of e-prescriptions via phone call. Healthcare facilities have doubts as to whether they can make such information available by telephone. These requests often result from the fact that the patient lost the access code, which was provided to him or her in the form of a printout.
Updates are an integral part of the IT world, and hence it is important to be aware that regular updating of anti-virus and firewall software, browsers, as well as other applications and entire operating systems that we use on a daily basis is one of the key conditions for ensuring the secure and stable work of our computer.
As part of the main events which were organised within the framework of the 14th Data Protection Day, an Open Day at UODO was held. Persons interested in the subject of personal data protection could benefit from legal advice provided by UODO experts. The debates were also organised. Michał Serzycki Awards for the third time were given to the people with educational achievements in the field of personal data protection.
The Data Protection Officer's Handbook is a set of guidelines for DPOs on how to ensure compliance with the General Data Protection Regulation (GDPR). The manual which was developed as part of the "T4DATA" project is also available in Polish.
The partners’ fourth meeting was devoted to the summary of the done work within the framework of the "e-OpenSpace" project. It took place at the headquarters of the Personal Data Protection Office in Poland and was the last one that concerned the coordination of works on the project. The "e-OpenSpace" project will end in August 2019 after a two-year implementation period.
- Infoline (in Polish)
- 606-950-000
- Operates on weekdays from 10.00 a.m. – 2.00 p.m.
- Urząd Ochrony Danych Osobowych
- ul. Stawki 2, 00-193 Warszawa
- kancelaria@uodo.gov.pl
- Working hours of the office: 8 a.m. – 4 p.m.