Personal Data Protection Office’s sectoral inspections plan for 2024

The Personal Data Protection Office has adopted a sectoral inspections plan for 2024. Those processing data using web applications, authorities processing personal data in the SIS and VIS systems and the correctness of private entities’ compliance with the information obligation must all face the audit. 

1. Authorities processing personal data in the Schengen Information System and the Visa Information System – the processing of SIS/VIS personal data on the basis the provisions of the Act of 24 August 2007 on the participation of the Republic of Poland in the Schengen Information System and the Visa Information System (Journal of Laws 2023, item 1355), implementing acts and European Union regulations.
2. Entities that process personal data using web applications- the manner of securing and providing access to personal data processed in connection with the use of applications - continuation of the 2023 inspection.
3. Correctness of compliance with the information obligation set out in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data or repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 4.05.2016, p. 1, as amended) - private entities.

In the view of the increasingly frequent threats of breaches of personal data protection regulations in the above-mentioned sectors and the great public interest in such problems, they should be considered important from the point of view of the tasks performed by the President of the Personal Data Protection Office.