Poland: Banks under GDPR scrutiny

Poland’s data protection watchdog (“Personal Data Protection Office”) published its audit plan for 2020. According to that plan, sector audits will be carried out this year in, amongst others, banks. The audits will focus on the issue of making copies of customers’ identity documents by the banks.

As a reminder: in September 2019, in a statement prepared for the Polish Bank Association (pl: Związek Banków Polskich), the Personal Data Protection Office pointed out that, in its view, producing copies of IDs of the banks’ customers is only legal when it follows expressly from statutory legislation (e.g. Polish AML regulation).

According to the Personal Data Protection Office’s website, scheduled inspections are dictated mainly by numerous signals (including complaints, questions and reports of violations of personal data protection).

Please note that non-compliance with GDPR provisions can result in significant fines, which vary depending on the type of violation. The maximum possible fine under the new law is the higher of EUR 20m or 4% of the organisation’s total worldwide annual turnover in the prior financial year (e.g. for infringements relating to the basic principles of data processing).

For more information, please get in touch with us.