Communiqué on legal questions
ATTENTION
We kindly inform that the GIODO Bureau does not provide legal advice
The Inspector General for Personal Data Protection (GIODO0 does not take a position nor issues opinions, including initial ones, concerning the legitimacy of data processing in hypothetical situations presented in the letters addressed to it. It is first of all the data controllers supported by administrators of information security (Data Protection Officers - DPOs), legal departments and persons providing professional legal assistance whose task is the application of the provisions of the Act on Personal Data Protection.
The role of the Inspector General for Personal Data Protection is to supervise the processing of personal data and not to provide legal assistance. It is the data controller who decides on the purposes and means of the processing of personal data, and so the data controller is obliged to respect any obligations related to the processing of personal data imposed on it by legal provisions. Art. 36b of the Act on Personal Data Protection confirms this, stating that in case of failure to appoint an administrator of information security (DPO) the tasks specified in Art. 36a para. 2 point 1, including also ensuring compliance with the legal provisions on personal data protection, shall be performed by the data controller.
The Inspector General for Personal Data Protection would like to kindly thank for all the signals concerning the problems related to the interpretation of legal provisions. Their contents provide impetus for considering undertaking specific ex officio activities (e.g. addresses to government administration, explanations and guides available on GIODO’s website).
The Bureau of the Inspector General would like to kindly inform you that the following is available on the website of the Inspector General:
- communiques on the amendment to the Act on Personal Data Protection;
- register of legal acts being in force;
- answers to most frequently asked questions;
- guidelines;
- references (available only in Polish);
- information on judgments of Polish and international courts;
- decisions (available only in Polish);
- addresses and signalizations of the Inspector General (available only in Polish);
- opinions on draft legal acts (available only in Polish).
Materials are continuously being up-dated, and searching for information can be simplified by a browser embedded on our website. Selected topics are also widely described on the websites (Polish versions only) https://abi.giodo.gov.pl and https://edugiodo.giodo.gov.pl.
Using the above indicated materials, including the Act on Personal Data Protection and its executive provisions, the data controllers can solve by themselves most of their doubts and issues, all the more that they can appoint an administrator of information security (DPO), whose task is ensuring data processing compliant with the data protection law.
The Inspector General for Personal Data Protection has been providing information and explanations on the provisions on personal data protection from the early years of its functioning. However, currently it is not possible to give answers to questions addressed to this authority in written form or by telephone, due to limited organisational capabilities. The statutory tasks of GIODO do not comprise this type of activity and hence this activity cannot be treated as an obligation realised in accordance with the time-limits specified in the Act of 14 June 1960 the Administrative Procedure Code (i.e. Journal of Laws of 2016, item 23).
Please, be also informed that the following is not GIODO’s competence:
- answering questions on requests for access to public information addressed to entities obliged to provide such information. Decision on disclosure of requested information or refusal to disclose such information in specific factual and legal circumstances is made by the entity from whom such information was requested, and then such decision is subject to verification by the administrative court;
- cases falling within the competence of other authorities, whose decisions are subject to evaluation in the course of the proceedings or in another way specified by relevant procedures. The Inspector General does not supervise nor can it interfere with cases falling within the competence of law enforcement and judicial authorities, which has been confirmed by the Supreme Administrative Court in its judgment of 2 March 2001 (ref. no. II SA 401/00) stating that “(…) the Inspector General (…) is not the entity controlling or supervising irregularities of application of the substantive and procedural law in cases falling within the competence of other authorities, services or courts, whose decisions are subject to evaluations in the course of the proceedings or in another way specified by relevant procedures.”