New structure of the Personal Data Protection Office
After one and half years of operating as the Personal Data Protection Office, the data protection authority decided to launch changes in the organization.
“Experience gathered since 25 May 2018, when we started applying the GDPR, have made it clear that there is a need to implement changes to the Office to become more in touch with the citizens and for it to function in a more efficient manner. It is therefore necessary to modify its structure in order to improve its operations, which will translate into better protection of the citizens’ personal data”, said Jan Nowak, the President of the Personal Data Protection Office.
Newly created departments will replace previously functioning thematic teams, which were in charge of not only handling complaints but also of giving opinions on legal acts, organising educational activities, carrying out inspections, tackling the data breach notifications made by inspectors as well as other tasks. These departments will not be comprehensively handling matters related to respective business sectors but will focus on carrying out specific assignments instead. Tasks such as complaints will be a part of the competences of one of the departments, while another one will handle inspections and data breaches.
Taking into account the rapid increase in complaints after 25 May 2018, an efficient service for the citizens is key in this area. For example in 2017 about 2,700 complaints were lodged; in 2018, after the Office began to apply the GDPR, the number of complaints lodged to the PDPO reached almost 4,500. This year it is at the level of ca. 7,000. These will fall within the competences of the newly created Complaints Department within which divisions in charge of respective business sectors will be created. To that end e.g. complaints regarding local government or public authorities will be handled by the Public Sector Division. The ones pertaining to irregularities found at privately held entities as controllers will be handled by the Private Sector Division. Complaints made by patients, employees, students and their patrons will be tackled by the Health, Employment and Education Sector Division. The ones which will be lodged with regards to banks’, telecommunication service providers’ and insurance companies’ activities are to be dealt with by the Financial, Insurance and Telecommunication Sector Division.
The handling of personal data protection breaches reported by the inspectors and the conduct of inspections by inspectors is also of key importance to the supervisory authority. Therefore, the tasks in this area will be assigned to the Inspections and Breaches Department, which will have two divisions — the Inspections Division and the Breaches Division.
The Case Law and Legislation Department will be composed of three divisions: the Legislation Division, the Data Protection Officers Cooperation Division and the Codes and Certification Division.
Taking into account the role of information in the modern world, the need to promote awareness of the protection of personal data, as well as of the PDPO itself, a Communication Department will be established. It will be responsible for relations with the media and for informing citizens effectively about their rights and the activity of the Personal Data Protection Office (including hotlines). The objective is both to educate and raise awareness about the provisions on personal data protection, but also to inform about the ongoing activities of the Office, the legal changes, or the evolving technological reality, which is increasingly using our data.
Along with the new structure, the Office’s logo has changed as well.
“We want to be a modern and citizen-friendly Office and the new logo also reflects this idea”, summed up Jan Nowak, the President of the Personal Data Protection Office.