How to notify the President of the Personal Data Protection Office of data breach?

Data breach shall be notified (in Polish) to the competent authority - the President of the Personal Data Protection Office.

Data breach can be notified in one of the following four ways:

  1. electronically by sending a completed form (available below) by means of a general letter available on the platform biznes.gov.pl (How to find the Authority in the general letter form?)
  2. electronically by sending a completed form to the Electronic Inbox ePUAP: /UODO/SkrytkaESP
  1. electronically be completing a dedicated electronic form available directly on the platform biznes.gov.pl being an equivalent of the form available below.
  2. by sending a completed form by regular mail to the address of the Office.

In case where the breach concerns persons in various EU countries, the President of the Personal Data Protection Office can be, but does not have to be, the lead supervisory authority (i.e. the authority relevant for the controller or the processor). In case of cross-border data breach the controller shall analyse whether the lead  supervisory authority with reference to processing activities covered by the breach is the President of the Personal Data Protection Office or perhaps other European supervisory authority (more: Guidelines for identifying a controller or processor’s lead supervisory authority (WP 244 rev. 01).