PDPO’s new structure will improve the functioning of the Office
After one and a half year of operation of the Personal Data Protection Office, the structure of the Polish data protection authority will change.
Experiences gathered since 25 May 2018, when we started applying the GDPR, or the General Data Protection Regulation, have made it clear that there is a need to implement changes for the Office to become more in touch with the citizens and for it to function in a more efficient manner. It is therefore necessary to modify its structure in order to improve its operations, which will translate into better protection of the citizens’ personal data – said Jan Nowak, the President of the Personal Data Protection Office.
Newly created departments will replace previously functioning thematic teams, which were in charge of not only handling complaints but also of giving opinions on legal acts, organising educational activities, carrying out inspections, tackling the data breach notifications made by controllers as well as other tasks. These departments will not be comprehensively handling matters related to respective business sectors but will focus on carrying out specific assignments instead. Tasks such as complaints will be a part of the competences of one of the departments, while another one will handle inspections and data breaches.
Taking into account the rapid increase in complaints after 25 May 2018, an efficient service for the citizens is key in this area. For example in 2017 about 2.700 complaints were lodged; in 2018, after the Office has begun to apply the GDPR, the number of complaints lodged to the PDPO reached almost 4.500. This year it is at the level of ca. 7.000. These will fall within the competences of the newly created Complaints Department within which divisions in charge of respective business sectors will be created. To that end e.g. complaints regarding local government or public authorities will be handled by the Public Sector Division. The ones pertaining to irregularities found at privately held entities as controllers will be handled by the Private Sector Division. Complaints made by patients, employees, students and their patrons will be tackled by the Health, Employment and Education Sector Division. The ones which will be lodged with regards to banks’, telecommunication service providers’ and insurance companies’ activities are to be dealt with by Financial, Insurance and Telecommunication Sector Division.
The so far distribution of cases into the thematic sectors has proved to be a step in the right direction. However, in order to increase the efficiency of the proceedings we have decided to establish the Complaints Department whose employees will be able to focus exclusively on the handling of citizens’ complaints. The handling of complaints is one of the main tasks of the supervisory authority and the number of complaints is constantly increasing. The Office is currently recruiting new staff to face this challenge - added Jan Nowak, President of the Personal Data Protection Office.
The handling of personal data protection breaches reported by the controllers and the conduct of inspections at controllers’ is also of key importance to the supervisory authority. Therefore, the tasks in this area will be assigned to the Inspections and Breaches Department, which will have two divisions — the Inspections Division and the Breaches Division.
The Case Law and Legislation Department will be composed of three divisions: the Legislation Division, the Data Protection Officers Cooperation Division and the Codes and Certification Division.
Taking into account the role of information in the modern world, the need to promote awareness of the protection of personal data, as well as of the PDPO itself, the Communication Department will be established. It will be responsible for relations with the media and for informing citizens effectively about their rights and the activity of the Personal Data Protection Office (including hotlines). The objective is both to educate and raise awareness about the provisions on personal data protection, but also to inform about the ongoing activities of the Office, the legal changes, or the evolving technological reality, which is increasingly using our data.
Along with the new structure, the Office’s logo has changed as well.
— We want to be a modern and citizen-friendly Office and the new logo also reflects this idea – summed up Jan Nowak, the President of the Personal Data Protection Office.