Ikonka home dla okruszków Home Page For controllers

To whom/what authority should a personal data breach be reported?

According to the Article 33(1) GDPR the controller shall notify a breach to the competent supervisory authority without undue delay. In Republic of Poland the competent supervisory authority in matter of protection of personal data is the President of the Personal Data Protection Offfice.

In case where the breach concerns persons in various EU countries, the President of the Personal Data Protection Office can be, but does not have to be, the lead supervisory authority (i.e. the authority relevant for the controller or the processor). In case of cross-border data breach the controller shall analyse whether the lead supervisory authority with reference to processing activities covered by the breach is the President of the Personal Data Protection Office or perhaps other European supervisory authority.

phone
Infoline (in Polish) UODO 606-950-000 Operates on weekdays from: 10:00-14:00
© UODO 2018 - 2024
Copyright.
Urząd Ochrony Danych Osobowych
map pin ul. Stawki 2, 00-193 Warszawa
envelope kancelaria@uodo.gov.pl
clock Working hours of the office: 8 a.m. – 4 p.m.
© UODO 2018 - 2024
Copyright.