How to get compliant with the Whistleblowing Law
Authored by Agata Majewska, Counselor at Law and a specialist in data protection and compliance law at SZiP, one of the leading law firms in the southern Polish market and a valued partner to Whistlelink, this article brings attention to the significant penalties imposed on data controllers in Poland in March 2024.
In March 2024, the President of the Office for Personal Data Protection issued two decisive rulings, imposing substantial financial penalties on data controllers. Both cases involved failure to promptly notify the authority of identified personal data security breaches. What actionable guidance can data controllers derive from these cases?
Santander Bank Polska S.A. faced a hefty fine of nearly PLN 1.5 million for the following infractions:
Furthermore, Toyota Bank Polska S.A. received a fine exceeding 48 thousand zlotys due to:
The justification behind the DPA’s decision underscores the factors contributing to the imposition of significant penalties, notably:
A pivotal takeaway from both rulings highlights the critical importance of promptly notifying the supervisory authority of any personal data security breach, provided the rights and freedoms of those affected are at risk of infringement.
As emphasised by the President of the DPA, “Notifications of a personal data breach enable the supervisory authority to respond effectively, mitigating the impact of such breaches (…) Additionally, informing individuals affected by the breach offers them insight into associated risks and guidance on protective measures to mitigate potential adverse effects.”
In doing so, the President of the DPA underscores not only the purpose of notification but also the broader objectives of data protection regulations. These regulations aim to safeguard individuals’ interests and shield them from the adverse consequences of unauthorized data disclosure.
This article is a guest post from Ślązak, Zapiór and Partners Law Firm in Poland. Please visit their website to learn more about their services!