The Office of Personal Data Protection in September this year. imposed another administrative penalty on an entity that failed to comply with obligations that stem directly from the RODO.
Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on on the protection of Union law whistleblowers, is already in effect as of December 17, 2021. However, until today (25.07.2022), a law clarifying the requirements of the Directive on the protection of whistleblowers has not appeared in the Polish legal order.
The President of the Personal Data Protection Office imposed an administrative fine on the President of the District Court in Zgierz. The fine is not spectacular in terms of amount (PLN 10,000) and was imposed last year, but it is still worth paying attention to.
February 28 this year. information about an administrative fine appeared on the UODO website. It was imposed on Fortum Marketing and Sales Polska. The President of UODO imposed an administrative fine in the amount of PLN 4,911,732.
From 21:00 on February 21 to 23:59 on March 4, the CHARLIE - CRP alert level applies throughout the country.
On January 11, another information was published about an administrative fine in the amount of 45 thousand. zlotys. This penalty is once again related to the Administrator's failure to apply appropriate technical and organizational measures to ensure the ability to continuously ensure the confidentiality of processing services, also for the failure to regularly test, measure and evaluate the effectiveness of measures.
The PoC carried out with the SCADA systems monitoring tool turned us on a yellow light. Why such strange traffic in our theoretically sterile networks.
The National Cybersecurity System is a requirement for operators of key services and digital services. What are these requirements, quite sparingly described in the Act? What does the act itself say about how to ensure the security and continuity of key services?
How long does it actually take to identify and exercise the data subject's rights? Does our register of activities support the implementation of rights? Can we automate the processes of exercising the rights of the data subject?
A frequent problem of the organization is to ensure an effective and accountable internal communication channel, e.g. related to the implementation of data subjects' rights or reporting and handling violations of personal data protection.