The Polish Data Protection Authority inspection plan for 2023

Available languages: PL

A new calendar year means a new sectoral inspection plan for the Polish Data Protection Authority (“UODO”). In theory, this plan provides an indication of which business sectors (industries) may come to UODO’s special attention. In practice, however, it is becoming less and less “sector-specific” and more and more “general”, as seen by the newly adopted inspection plan for 2023 published by the UODO on 18 January - available here (the “Inspection Plan”).

Indeed, UODO states on its website that inspections can be expected by businesses that process personal data:

  • using mobile applications;
  • with the use of internet (web) applications.

Separately, UODO also expects to inspect authorities that process personal data in the Schengen Information System (SIS) and the Visa Information System (VIS).

A natural question that arises after reading the Inspection Plan is whether it is still a sectoral plan? The first two groups of entities indicate rather all modern enterprises that use mobile or web applications, without which it is hard to imagine business today, i.e. applications used for video conferences and chats, such as Microsoft Teams, Chime, Zoom.

Businesses that use mobile or Internet (web) applications should verify whether they adequately secure and share personal data processed in connection with the use of these applications. Perhaps, therefore, this year’s plan has given rise to what should from now on be called “audits of businesses using new technology”?

Should you need more information on how to prepare your business for a potential UODO inspection, please contact the lawyers from the CMS TMC Team.