Poland: UODO releases report on secure personal data processing
The Polish data protection authority ('UODO') released, on 20 September 2022, a report on the tasks of personal data administrators and inspectors in the context of secure personal data processing. In particular, the UODO outlined that a study had determined that only one-third of individuals knew who should deal with the negative consequences of a data breach, indicating such individuals believed this was their own responsibility. Thus, the UODO reiterated that it is the data protection administrator is primarily responsible for non-compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), especially when a data breach has occurred.
Furthermore, the UODO added that most individuals affected by a data breach expected expedient notification when there has been a data protection notification and information on its scope, as well as information on what measures have been done to avoid similar events in the future and with whom the leaked data could end up. Additionally, the UODO noted that most individuals surveyed expected legal support or coverage of the costs and expenses of an incident.