New Mandatory Privacy Audits
"The recent amendments to the Polish Act on the Protection of Personal Data (the ""PPD"") came into force on 1 January 2015. Among other things, they introduced mandatory internal data protection audits. We consider their impact on Polish data controllers and potential loopholes in this new law. The intention of the recent amendments to the PPD was to reduce the regulatory burden on entrepreneurs, but it is not clear if this is the effect in practice. Instead, the Regulation imposes new and onerous obligations on information security officers and indirectly also data controllers who have appointed such a person. The Regulation also fails to clearly describe which data controllers are subject to these audits. In practice, they may deter data controllers from making such an appointment given the potential additional audit obligations that will entail."