Responsibilities of the Inspector General for Personal Data Protection
Responsibilities of the Inspector General for Personal Data Protection are provided for by the provisions of the Act of 29 August 1997 on the Protection of Personal Data (i.e. Journal of Laws of 2002, No. 101, item 926, with amendments). Pursuant to these provisions the Inspector General for Personal Data Protection shall be entitled to:
- supervision over ensuring the compliance of data processing with the provisions on the protection of personal data,
- issue administrative decisions and consider complaints with respect to the enforcement of the provisions on the protection of personal data,
- keep the register of data filing systems and provide information on the registered data files,
- issue opinions on bills and regulations with respect to the protection of personal data,
- initiate and undertake activities to improve the protection of personal data,
- participate in the work of international organisations and institutions involved in personal data protection.
In case of any breach of the provisions on personal data protection, the Inspector General ex officio or upon a motion of a person concerned, by means of an administrative decision, shall order to restore the proper legal state, and in particular:
- to remedy the negligence,
- to complete, update, correct, disclose, or not to disclose personal data,
- to apply additional measures protecting the collected personal data,
- to suspend the flow of personal data to a third country,
- to safeguard the data or to transfer them to other subjects,
- to erase the personal data.
Should the inspection reveal that the action or failure in duties of the head of an organisational unit, its employee or any other natural person acting as the controller bears attributes of an offence within the meaning of the Act, the Inspector General shall inform about it a proper prosecuting body, enclosing the evidence confirming his/her suspicions.