Digital marketing runs on personal data — from email addresses in newsletter databases, through cookies tracking website behaviour, to advanced profiling and remarketing. Each of these elements is subject to the GDPR, and errors in their use are among the most frequently sanctioned violations — both by UODO and by European supervisory authorities (particularly the […]
The healthcare sector is one of the areas where personal data processing carries the highest risk. Health data belongs to the special categories of personal data (Article 9 GDPR), and its processing is subject to stricter rules than ordinary data. At the same time, healthcare requires intensive processing of such data — diagnostics, treatment, prevention, […]
CCTV cameras are standard equipment in offices, shops, warehouses, car parks, and residential estates today. For many organisations, video surveillance seems so obvious that they forget one thing — a CCTV recording is personal data. A person’s image captured on a recording enables identification, which means video surveillance is fully subject to the GDPR. In […]
Running an online shop involves intensive personal data processing at every stage — from account registration, through order fulfilment, to marketing and after-sales service. At the same time, e-commerce is a sector where UODO and European supervisory authorities are increasingly active in conducting audits, and customers are increasingly exercising their GDPR rights. This article covers […]
A GDPR compliance audit is a systematic review of personal data processing activities within an organisation, designed to assess whether the company meets the requirements of the data protection regulation. It is not a one-off exercise from 2018 — it is a process that should be repeated regularly, as business processes, technologies, and the legal […]
On 3 April 2026, the amended Act on the National Cybersecurity System (KSC) entered into force in Poland, implementing the EU’s NIS2 Directive (Directive (EU) 2022/2555). This is a fundamental change — the previous legislation covered approximately 400 operators of essential services, while the new rules extend to over 42,000 entities. For many organisations, NIS2 […]
The HR department is one of the most data-intensive areas of any organisation. From the moment a job advertisement is published, through the entire period of employment, to the archiving of records after the employment relationship ends — HR handles the personal data of employees, candidates, and contractors on a daily basis. At the same […]