Data protection officer under Polish law

Appointment of a data-protection officer

For private companies, the appointment of a DPO (inspektor ochrony danych) is not obligatory. However, if an organization decides to appoint one, it needs to notify this fact electronically  to the supervisory authority: https://www.uodo.gov.pl/pl/121/193.  Such notification must take place within 14 days from the appointment.

Controllers or processors that have appointed a DPO must publish its contact details (name and e-mail address or phone number) as soon as possible on their website. If they do not have a website, they should publish it in a generally available place in their office (Art. 11 Data Protection Act).

Public authorities

Art. 9 Data Protection Act specifies which “public authorities” must appoint a DPO: (1) units of the public finances sector, (2) research institutes and (3) the National Bank of Poland.