The Personal Data Protection Office’s Sectoral Inspection Plan for 2025

The security of medical data and the processing of children's data are among the key areas that inspectors from the Personal Data Protection Office will focus on in 2025.

The Personal Data Protection Office’s Sectoral Inspection Plan for 2025 includes sectors where the risk of violating personal data protection regulations is increasing. The Office has also considered areas of high public interest. The Personal Data Protection Office’s sectoral inspection plan for 2025 is as follows:

1. Authorities processing personal data in Large-Scale European Union Systems, including the processing of SIS/VIS personal data based on the Act of August 24, 2007, on the participation of the Republic of Poland in the Schengen Information System and the Visa Information System (Official Journal of 2023, item 1355, as amended), as well as implementing acts and EU regulations.

2. Entities processing health data – the method of ensuring the security of personal data.

3. Entities processing children's data – processing children's images when parental or legal guardian’s consent is required.

4. Data controllers – fulfilling the obligation under Article 33(5) of Regulation 2016/679, which requires documenting all personal data breaches, including the circumstances of the breach, its consequences, and remedial actions taken.