How to notify the President of the Personal Data Protection Office of data breach?
Data breach shall be notified (in Polish) to the competent authority - the President of the Personal Data Protection Office.
- Data breach shall be notified electronically by means of relevant form available below, which should be filled in and then …
- ...attached to the general letter available on the platform biznes.gov.pl
or sent through ePUAP to the address of the Electronic Inbox (Elektroniczna Skrzynka Podawcza): /UODO/SkrytkaESP
It is also possible to send the form as an enclosure to the address of the Electronic Inbox: /UODO/SkrytkaESP.
In case where the breach concerns persons in various EU countries, the President of the Personal Data Protection Office can be, but does not have to be, the lead supervisory authority (i.e. the authority relevant for the controller or the processor). In case of cross-border data breach the controller shall analyse whether the lead supervisory authority with reference to processing activities covered by the breach is the President of the Personal Data Protection Office or perhaps other European supervisory authority (more: Guidelines for identifying a controller or processor’s lead supervisory authority (WP 244 rev. 01).