Poland: UODO issues statement on state organisations' right to access employees' personal data when carrying out inspections in companies, highlights GDPR compliance
The Polish data protection authority ('UODO') issued, on 3 August 2020, a statement on the right of state organisations to access employees' personal data when carrying out inspections in companies within their statutory powers. In particular, the UODO gave two examples of state organisations, namely the Social Insurance Institution ('ZUS') and the National Labour Inspectorate ('PIP') and stated that these are permitted, pursuant to national legislation and Article 6(1)(c) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), to examine all books, financial, accounting, and personal documents, as well as other information relevant to the scope of the inspection. Therefore, the UODO noted that when state organisations perform their tasks on the basis of their statutory powers, they cannot be refused access to the requested documents.
However, the UODO highlighted that such organisations must comply with the GDPR principles of proportionality, purpose limitation, and data minimisation.
You can read the statement here.