Appointment of a data-protection officer
For private companies, the appointment of a DPO (inspektor ochrony danych) is not obligatory. However, if an organization decides to appoint one, it needs to notify this fact electronically to the supervisory authority: https://www.uodo.gov.pl/pl/121/193. Such notification must take place within 14 days from the appointment.
Controllers or processors that have appointed a DPO must publish its contact details (name and e-mail address or phone number) as soon as possible on their website. If they do not have a website, they should publish it in a generally available place in their office (Art. 11 Data Protection Act).
Art. 9 Data Protection Act specifies which “public authorities” must appoint a DPO: (1) units of the public finances sector, (2) research institutes and (3) the National Bank of Poland.