DPIA list of the Polish supervisory authority
The Polish supervisory authority has published a proposal for the list of processing activities, for which a DPIA will be required. The detailed list includes, for example:
- Evaluation or assessment, including profiling and prediction (behavioral analysis) for purposes that may have negative legal, physical, financial or other effects on a person
- Automated decision-making that produces legal, financial or similar material results
- Processing of special categories of personal data, concerning convictions and legal violations
The proposed list includes many activities in the employment context, for example:
- Monitoring of working time and IT systems
- Processing of employee biometric data
- Employee productivity-assessment systems
The full list (in Polish) is available at: https://giodo.gov.pl/pl/file/13366.
Unofficial translation in English: https://iapp.org/media/pdf/resource_center/Mandatory-DPIA-Poland-klattorneys.pdf.
Guidelines of the supervisory authorities
Guidelines on the DPIA (in Polish) are available at:
https://uodo.gov.pl/data/filemanager_pl/706.pdf and
https://www.uodo.gov.pl/data/filemanager_pl/707.pdf.
Prior consultation
The request form (in Polish) for prior consultation (Art. 36 GDPR) may be found at: https://www.uodo.gov.pl/pl/127/219.