Poland: insurance companies and banks under GDPR scrutiny


Poland’s data protection watchdog (“Personal Data Protection Office”) has published its audit plan for 2019. Financial institutions are in the spotlight as the audit plan covers profiling in insurance companies and banks.

According to the watchdog’s website, scheduled inspections are initiated mainly as a result of various signals (including complaints) indicating that there is a threat of a violation of the GDPR.

Non-compliance with GDPR provisions can result in significant fines, which vary depending on the type of violation. The maximum possible fine under the new law is the higher of EUR 20m or 4% of the organisation’s total worldwide annual turnover in the prior financial year (e.g. for infringements relating to the basic principles of data processing).

For more information, please get in touch with your contact person at CMS Cameron McKenna Nabarro Olswang.