Global Data and Cyber Handbook

Poland

Select a Topic
Start Comparison
DPOs and Notification Requirements
Jump to
DPOs and Notification Requirements Start Comparison
Is the concept of data protection officer (DPO) recognized in the jurisdiction?

Last review date: 10 January 2025

Yes.

Are there circumstances in which it is mandatory to appoint a DPO or similar position?

Last review date: 10 January 2025

Yes.

If yes, under what circumstances?

☒        the processing is carried out by a public authority or body, except for courts acting in their judicial capacity

☒        the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale

☒        the core activities of the controller or the processor consist of processing on a large scale of special categories of data 

☒        other

Special law provisions stipulate certain situations when specific types of public entities are obliged to appoint a DPO.

Where a DPO is appointed, does the DPO have to meet specific requirements?

Last review date: 10 January 2025

Yes.

If yes, what are these requirements?

☒ other

As per article 37 paragraph 5 of the GDPR, the data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfill the tasks referred to in Article 39 of the GDPR.

Are there obligations to notify, submit filings to, register with or obtain approval from local data protection authorities to collect and/or process personal data generally?

Last review date: 10 January 2025

Yes.

There is no requirement for the controller to register with the authorities. However, there is a requirement to notify the local data protection authority about the designation of the data protection officer.

{{ $store.state.loadingScreen.message }} ...