
Data Protection Authority sector inspections for 2024 – who can expect inspections?

The Office for the Protection of Personal Data (DPA) has published its sectoral control plan for 2024, revealing which entities can be audited this year for compliance with personal data processing regulations.

What entities can expect inspections from the DPA?

In 2024, the DPA plans to inspect the following entities:

  1. Authorities processing personal data in the Schengen Information System and Visa Information System
  2. Entities that process personal data using web applications (web-based, i.e., websites that do not require installation on the user’s device), with regard to how personal data processed in connection with the use of the application is secured and made available.
  3. Private entities in relation to compliance with information obligations (i.e., so-called information clauses).

How to be ready for a DPA inspection?

Web applications are being inspected by the DPA for the second year in a row, with checks covering all sectors. Entrepreneurs who run websites and collect personal data through them (e.g., through contact forms, customer accounts, cookies) should therefore pay particular attention to whether they have applied appropriate security measures and have the required documentation regarding the processing of personal data.

In particular, it is worth verifying:

  • the correct use of cookies,
  • the method of securing customers’ personal data (including password policy and procedure for backups and anti-virus software),
  • the retention period of personal data collected through online applications and the possibility of rectification of data,
  • the form of collection of consents for the processing of personal data and the manner of its documentation (in particular, when consents are collected by means of so-called ‘checkboxes’),
  • documentation regarding the processing of personal data (including a privacy policy) and ensuring that it is written in a language understood by the recipients of the web application.

Private entities (including, for example, employers) should review the content of the information clauses and the way they are communicated to interested parties. The clauses may need to be updated due to changes in the law or modification of the scope or purposes of data processing.

How can we help you?

Planned sector inspections can be a good impulse to internally verify the way personal data is processed, including the documentation and security systems in place. This will not only avoid severe penalties for violations of data protection regulations, but can also minimize the risk of violations that lower the credibility of entrepreneurs and negatively affect their image.

Our law firm offers audits of compliance with data protection regulations, including audits of websites and preparation of the required documentation (privacy policies, cookie policies, etc.). During the audit we carry out a comprehensive verification of the entrepreneur’s data processing workflow to propose the best solutions to ensure the security of personal data. The audit is especially recommended to foreign entrepreneurs who plan to start a business in Poland and address their website to a Polish audience. Contact our Data Protection Department at: [email protected] for information on how we can help your company prepare for a DPA audit.

Author: Anna Szymielewicz, team leader, DKP Legal