The Powers of the Supervisory Body in the GDPR as a Basis for Shaping the Practices of Personal Data Processing
Paweł Hajduk
Doctoral School at Cardinal Stefan Wyszyński University in Warsaw , Polandhttps://orcid.org/0000-0001-5583-2267
Abstract
The purpose of this article is to analyse the competences of the supervisory authority provided for in the General Data Protection Regulation (GDPR) as a tool to shape the practice of personal data processing. This article verifies the thesis that the status of the supervisory authority formed in the GDPR, taking into account the authority’s independence, makes it possible to exercise the authority thoroughly, which is the basis for shaping personal data processing practice. Supervisory authorities have a wide range of powers to carry out the duties assigned to them. This is guaranteed by their independence. The exercise of powers resonates with all entities that fall under the jurisdiction of those authorities. The decisions of the authorities become the subject of interest of both the literature and personal data administrators. The powers connected with imposing administrative penalties might play a particular role. Their imposition causes that entities which are in similar circumstances may expect to be subject to the same penalties. In order to avoid this situation, they tend to adapt their practices to the model adopted in the decision. Opinions and recommendations, as well as codes of conduct approved by the supervisory authorities for particular sectors, which are a benchmark for administrators in those sectors, play an important preventive role.
Keywords:
GDPR, supervisory, authorities, data, processingReferences
Czerniawski, Michał, and Maciej Kawecki, ed. Personal Data Protection Act. Commentary. Warsaw: C.H. Beck, 2019.
Dmochowska, Anna, and Aleksandra Piotrowska. Personal Data Protection Act. Commentary. Warsaw: C.H. Beck, 2018.
Drobek, Piotr. “Personal Data Breach Notification in the European Union and Poland –Selected Aspects.” In Geographic Information Systems Conference and Exhibition “GIS ODYSSEY 2016”, 5th to 9th of September 2016, Perugia, Italy, Conference proceedings, edited by Agnieszka Bieda, Jarosław Bydłosz, and Anna Kowalczyk, 90–99. Zagreb: Croatian Information Technology Society – GIS Forum, 2016.
Fajgielski, Paweł. “Artykuł 91. Istniejące zasady ochrony danych obowiązujące kościoły i związki wyznaniowe.” In General Data Protection Regulation. Personal Data Protection Act. Commentary, edited by Paweł Fajgielski, 690–695. Warsaw: Wolters Kluwer Polska, 2018.
Góral, Urszula, and Paweł Makowski. “Artykuł 51. Organ nadzorczy.” In GDPR. General regulation on personal data protection. Commentary, edited by Dominik Lubasz, and Edyta Bielak-Jomaa, 906–909. Warsaw: Wolters Kluwer Polska, 2018.
Góral, Urszula, and Paweł Makowski. “Artykuł 58. Uprawnienia.” In GDPR. General regulation on personal data protection. Commentary, edited by Dominik Lubasz, and Edyta Bielak-Jomaa, 939–945. Warsaw: Wolters Kluwer Polska, 2018.
Kurek, Justyna, and Jolanta Taczkowska-Olszewska. Protection of personal data as a realization of tasks in the area of state security. Warsaw: C.H. Beck, 2020.
Litwiński, Paweł, ed. Personal Data Protection Act. Commentary. Warsaw: C.H. Beck, 2018.
Litwiński, Paweł. “Komentarz do artykułu 51.” In EU Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of data. Commentary, edited by Paweł Litwiński. Warsaw: Legalis el., 2018.
Litwiński, Paweł. “Komentarz do artykułu 58.” In EU Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of data. Commentary, edited by Paweł Litwiński. Warsaw: Legalis el., 2018.
Młotkiewicz, Monika. “Cooperation between data protection official (ABI) and GIODO - development perspectives.” Information in Public Administration, no. 3 (2017): 10–13.
Pedic, Zana. “Interconnectivity and differences of the (information) privacy right and personal data protection right un the European Union.” Review of Comparative Law 30, no. 3 (2017): 125–135.
Rokita, Krzysztof. “Independence of personal data protection authorities in the General Data Protection Regulation.” European Judicial Review, no. 7 (2016): 4–12.
Sakowska-Baryła, Marlena. “Komentarz do artykułu 58.” In General Data Protection Regulation. Commentary, edited by Marlena Sakowska-Baryła. Warsaw: Legalis el., 2018.
Tykwińska-Rutkowska, Dominika. “6.3. Dyrektywy wymiaru administracyjnych kar pieniężnych.” In Documentation of the GDPR in medical institutions, edited by Aneta Sieradzka, and Dominika Tykwińska-Rutkowska. Warsaw: Legalis el., 2019.
Zawadzka, Natalia. “Artykuł 91. Istniejące zasady ochrony danych obowiązujące kościoły i związki wyznaniowe.” In GDPR. General regulation on personal data protection. Commentary, edited by Dominik Lubasz, and Edyta Bielak-Jomaa, 1112–1117. Warsaw: Wolters Kluwer Polska, 2018.
Doctoral School at Cardinal Stefan Wyszyński University in Warsaw
Paweł Hajduk, M.A., Research Associate, Doctoral School at Cardinal Stefan Wyszyński University in Warsaw, Faculty of Law, Department of Informatics; correspondence address: ul. Habicha 18/23, 02-495 Warsaw, Poland; e-mail: pawelhajduk1994@gmail.com; https://orcid.org/0000-0001-5583-2267.
https://orcid.org/0000-0001-5583-2267
