Data protection documentation

Data protection documentation

According to information published by the President of the Office for the Protection of Personal Data, as of 25 May 2018, due to the commencement of the application of new regulations governing protection of personal data and the entry into force of the new Data Protection Act, the previously existing requirements for documentation of processing of personal data. However, documentation is still required and, from the perspective of the accountability principle, plays one of the key roles in the event of an audit by a supervisor.

It should be noted that RODO provides virtually no guidance on how to keeping records of the processing of personal dataas well as its content, thus giving a lot of leeway to data controllers in this respect. The legislation only indicates in very general terms some new elements of personal data processing documentation, such as:

  • register of processing operations and register of categories of processing operations (Article 30 RODO);
  • procedures for reporting data protection breaches to the supervisory authority (Article 33(3) RODO);
  • procedures for keeping an internal register of data protection breaches (Article 33(5) RODO);
  • reports on data protection impact assessments carried out (Article 35(7) RODO).


Nevertheless, controllers have the possibility to benefit from the support of data protection experts who will help develop documentation that meets the standards and is tailored to the entity's individual needs.

If you have any questions on this subject, please contact rodo@wynimko.gogler.com.pl.

Contact form

Complete the form and ask us a question

We will get back to you as soon as possible.

    Choose the problem that concerns you







    I have read and accept Privacy Policy.