Poland: Office for the Protection of Personal Data adopted an updated guide on obligations of administrators related to personal data protection breaches

Description

On 20 February 2025, the Personal Data Protection Office (UODO) adopted the updated version of its guide on personal data breaches, which includes new General Data Protection Regulation (GDPR) interpretations, revised risk assessment criteria, and updated reporting procedures. The guide outlines a range of cybersecurity measures, such as ransomware protection, phishing detection, and encryption practices, and clarifies the 72-hour notification deadline and exceptions. A new section addresses cross-border breaches, specifying coordination procedures with EU supervisory authorities. The guide provides case studies, response frameworks, and information on an upcoming UODO seminar related to breach management.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: cross-cutting
Implementation Level: national
Government Branch: executive
Government Body: data protection authority

Complete timeline of this policy change

2024-05-21
in consultation

On 21 May 2024, the Polish Data Protection Authority (UODO) opened its consultation on the guide on…

2024-06-21
processing consultation

On 21 June 2024, the Polish Data Protection Authority (UODO) closed its consultation on the guide o…

2025-02-20
adopted

On 20 February 2025, the Personal Data Protection Office (UODO) adopted the updated version of its …