Is there an obligation, once DPO is notified, to notify data filing systems to registration to the Inspector General?
It depends on the type of data filing system.
- In case of so called sensitive data, that is data belonging to the data categories indicated in Art. 27 paragraph 1 of the Data Protection Act, there is still an obligation to notify such filing register system to GIODO before the processing starts (Art. 40 of the Data Protection Act).
- In case of data filing systems that do not contain data indicated in Art. 27 paragraph 1 of the Data Protection Act there is no obligation of their notification to GIODO, if the data controller appointed DPO and notified it to GIODO. An obligation of keeping open register of such data filling systems (in line with Art. 36a paragraph 2 point 2 of the Data Protection Act) is then conferred on DPO. This register is to be kept by DPO at the data controller’s and embrace all data filing systems kept by data controller (with the exception of data filing systems that have been so far exempted from the obligation to be notified to registration to GIODO, as stated in Art. 43 paragraph 1 of the Data Protection Act). DPO should then contain in its register also data filing systems previously (before 1 January 2015) notified to GIODO (including data filing systems containing sensitive data).


