On 21 June 2024, the Polish Data Protection Authority (UODO) closes its consultation on the guide on obligations of administrators related to personal data protection breaches. The guidelines aim to address the challenges controllers face in assessing data breach risks. The collected feedback will be considered in UODO's work on updating the guidelines. The guide provides an overview of responsibilities and procedures concerning personal data protection breaches under the General Data Protection Regulation (GDPR). It covers definitions and examples of breaches, the specific duties of data controllers, joint controllers, and processors, and the steps for breach notification, including what breaches must be reported, how, and within what timeframe. It also includes information on risk assessment, documentation requirements, and the correct way to notify affected individuals.