Information and services website for entrepreneurs

Complaint about an infringement of personal data protection rules

Have your personal data been breached? For example, someone has posted your name or address in a public place without your consent? You can make a complaint about a breach of personal data protection regulations. You can read about how to do this and your rights below.

How to handle a matter

A matter can be hadled:

  • at the office
  • by post
  • electronically
Handle online

Zrealizuj usługę online, potrzebny będzie Profil Zaufany lub podpis kwalifikowany

What you should know and who can benefit from the service

What is a personal data breach

The EU General Data Protection Regulation distinguishes three types of violations:

  • a breach of confidentiality - e.g. when your e-mail address is made public to unwanted persons
  • violation of availability - e.g. when your PESEL number has been stolen and it will be used by unauthorized persons.
  • violation of integrity - e.g. when your name has been misspelled.

A complaint concerning personal data breach shall be submitted to the President of the Office for the Protection of Personal Data (UODO).

Who can lodge a complaint concerning a breach of personal data protection regulations

A complaint may be lodged with the President of the UODO:

  • a person whose data has been violated
  • the representative of the person whose personal data has been violated
  • an entity, organisation or association operating in the area of personal data protection - if the person whose personal data has been violated has authorised him/her to file a complaint with the President of the UODO.

When should you handle the matter

At any time

Where you can handle the matter

Urząd Ochrony Danych Osobowych
Stawki 2, 00-193 Warszawa

What to do step by step

  1. Submit a complaint about a personal data breach

Documents

  1. The office shall carry out the procedure

In the proceedings, the President of UODO will check, among others, the following

  • the nature, gravity and duration of the infringement and the extent of the damage you have suffered
  • the intentional or unintentional nature of the infringement
  • the degree of cooperation with the supervisory authority in order to put an end to the infringement and mitigate its possible negative effects
  • the categories of personal data concerned by the breach

  1. The authority shall issue a decision imposing a penalty or restitutio in integrum

In the decision, the President of the UODO may:

  • call on the administrator or the entity processing the data to restore the previous state - e.g. remove your personal data from its database
  • impose an administrative fine of up to EUR 20 million and, in the case of a company, up to 4% of its total annual worldwide turnover in the previous financial year

Documents

You will receive a document as:
Oryginał, Dokument elektroniczny

How much will you pay

The service is free of charge

How long will you wait

Your case will be settled within one month. This period may be extended to two months, subject to notification by the official.

How can you appeal

If you are dissatisfied with the decision issued by the President of UODO, apply for the case to be reconsidered. You have 14 days from the date of receipt of the decision.

Was this page useful?