In a decision of 19 January 2022, the President of the PDPO placed an administrative fine of PLN 4 911 732 on Fortum Marketing and Sales Polska SA as a controller, and PLN 250 135 on PIKA sp. z o.o. as a processor. In this case, the President of the PDPO imposed the highest fine yet imposed on a controller. This is an important decision both for users of outsourcing services and service providers.
The President of the PDPO has imposed an administrative fine on Santander Bank Polska SA of PLN 545 000 for a breach of article 34(1) of the GDPR. The President of the PDPO stated that a former employee is not a trusted data recipient and that although the persons affected by this breach are not specifically defined, this does not hinder compliance with article 34 of the GDPR.
Over the last few years, the European Court of Justice has issued a number of important judgments relating to the processing of personal data on the Internet (Wirtschaftsakademie, Fashion ID, and Planet49). The European Data Protection Board has also issued a number of guidelines in this area (for example for processing personal data of social […]
The court ruling confirms that the inspected entity cannot question the reasons for the inspection of the DPA or its scope. The Voivodship Administrative Court in Warsaw confirmed the DPA’s decision to impose a fine of PLN 100,000 (around EUR 22,000) on the Surveyor General for preventing the DPA from conducting an inspection at the […]
The NSA has issued a judgment on the competence of the President of the PDPO to adjudicate matters concerning incidents that occurred prior to 25 May 2018.
Banks and entities providing mobile applications should prepare for possible inspections by the Personal Data Protection Office (DPA). We present the scope of potential inspections and tips on how to prepare below. Following the approved sectoral inspections plan, the President of the Personal Data Protection Office intends to perform inspections, primarily in two areas: processing […]
Although a significant number of SARS-CoV-2 infections occur in the workplace, there are still no regulations in Poland allowing employers to collect information on their employees’ vaccine status. This creates legal uncertainty for employers. Information on a person’s vaccine status is an element of information on health, and thus is a special category of data […]