UWAGA!

Od 25 maja 2018 r. organem właściwym w zakresie ochrony danych osobowych jest Prezes Urzędu Ochrony Danych Osobowych. Nowa strona internetowa urzędu jest dostępna pod adresem: www.uodo.gov.pl.

Materiały zamieszczone na stronie Generalnego Inspektora Ochrony Danych Osobowych (GIODO) dostępnej pod adresem www.giodo.gov.pl mają charakter archiwalny.

POZOSTAŃ NA STRONIE ARCHIWALNEJ (GIODO)

Is there an obligation, once DPO is notified, to notify data filing systems to registration to the Inspector General?

It depends on the type of data filing system.

  1. In case of so called sensitive data, that is data belonging to the data categories indicated in Art. 27 paragraph 1 of the Data Protection Act, there is still an obligation to notify such filing register system to GIODO before the processing starts (Art. 40 of the Data Protection Act).
  2. In case of data filing systems that do not contain data indicated in Art. 27 paragraph 1 of the Data Protection Act there is no obligation of their notification to GIODO, if the data controller appointed DPO and notified it to GIODO. An obligation of keeping open register of such data filling systems (in line with Art. 36a paragraph 2 point 2 of the Data Protection Act) is then conferred on DPO. This register is to be kept by DPO at the data controller’s and embrace all data filing systems kept by data controller (with the exception of data filing systems that have been so far exempted from the obligation to be notified to registration to GIODO, as stated in Art. 43 paragraph 1 of the Data Protection Act). DPO should then contain in its register also data filing systems previously (before 1 January 2015) notified to GIODO (including data filing systems containing sensitive data).

Last news