News

📢 No DPO? No excuse
Source: DKN.5131.7.2024
Poland, UODO

🔍 On February 6, 2025, the Polish data protection authority, UODO, fined a public company, the Building Control Inspectorate of the Częstochowa district (PINB) €5,814 for failing to appoint a DPO, failing to notify the authority, and failing to publish its contact details.

💥 Yet, since May 2018, the GDPR is clear:
🔹 Any authority or public body must formally designate a DPO.
🔹 This designation must be documented, official, clear
🔹 Its contact details must be published and notified to the supervisory authority

❌ What was complained of:

🔸 A verbal appointment of a DPO, with no official designation.
🔸 No clear legal designation document
🔸 No official information published
🔸 No notification to the authority before 2024
🔸 Used internal organizational arguments: sick leave, reassignment of tasks, relocation of DPO, which do not justify this failure.

📌 Why is it serious?

👉 The DPO plays a key role in the governance of personal data:
✔ Compliance guarantor
✔ Point of contact for data subjects
✔ Interlocutor for the authority
✔ Internal strategic advisor
Without a visible, identifiable DPO, there's no trust, no transparency, no response to people's rights.

📣 To remember :

✅ Appoint a DPO officially
✅ Notify your data protection authority of his or her appointment
✅ Publish his/her contact details on your website or internal channels
✅ Document everything: role, missions, appointment, independence, resources

🎯 And above all: don't let an absence or departure create a vacuum!