What should you do when your personal data has leaked?

What’s done is done – your personal data has leaked. What to do? You should take all measures that will protect you against the negative effects of the leak or at least minimise these effects.

In the event where your ID card number leaks (you lose the document, it is stolen or the data is leaked as a result of inadequate protection by entities that process such data in accordance with the law):

  • as a result of theft – it is a must to report it to the Police
  • as a result of loss – it is a must to report the loss to the nearest municipal authority or consular post (if you are abroad) – you can also do it online using a trusted profile;
  • as a result of both theft and loss – notwithstanding the above, it is a must to cancel your ID card at the bank.
  • Always use the newest possible version of the operating system and don’t ignore alerts of new updates available for download.
  • If you wish to install an app, always check, whether it comes from a trusted source; it will allow you to minimise the risk of your smartphone getting infected. Upon installation, also pay attention to what types of information the app needs permissions.

There are also tools created by private entities that render it possible to cancel data from your ID card, as the one prepared by Biuro Informacji Kredytowej S.A. It is also worth using the option of setting messages/alerts in the event of an attempt to incur liabilities using your data (e.g. BIK alerts).

In case of the theft/loss/leakage of data from your payment card (card number and CVV code on the reverse of the card) – if you are not 100% sure that the card has been irretrievably lost, to start with, you may merely change the transaction limit on the card to PLN 1. If you are sure about the permanent loss of the card – block the card using electronic banking or by calling your bank’s hotline (it is possible 24/7). You can also use the universal, interbank Card Cancellation System by calling (+48) 828 828 828.

If for some reason you are concerned that your password used to log in to any website may have leaked, there is a website https://haveibeenpwned.com/ where you can check if it happened for a specific email or telephone number used as login. If this is the case, you must change this password on the website where you use it.

To whom may I speak?

  • To the data controller – with a request for information and explanations. The controller must reply to you within 30 days. Keep the correspondence, it may turn out useful one day. You can also ask for compensation.
  • To the search engine provider, e.g. Google – if you want to remove your data from the search results. The form for submitting such a request is available here.
  • To the President of the Personal Data Protection Office – you have the right to lodge a complaint with the President of the Personal Data Protection Office, even if you have not suffered any damage. The aforesaid President may punish the data controller or command them to undertake certain actions.
  • To the Police, if, in your opinion, a specific person has committed a criminal act specified in the law. Please be also reminded that if that person is convicted, the criminal court may order to repair the damage caused by them.
  • To a civil court – in order to obtain compensation for a tangible damage or harm (even for the mere fact that your data had leaked and therefore you had various concerns). In Poland, there has already been a judgement awarding compensation in the amount of PLN 1.5K. Please be reminded, however, that civil law involves costs (claim fee, attorney’s fee).

Czytaj także:

Najczęstsze błędy przy zawieraniu umów powierzenia
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Potwierdź swój adres e-mail
Wejdź na swoją skrzynkę pocztową, otwórz wiadomość od ODO 24 i potwierdź adres e-mail, klikając w link.
Jeżeli nie znajdziesz naszej wiadomości - sprawdź w folderze SPAM. Aby w przyszłości to się nie powtórzyło oznacz wiadomość jako pożądaną (klikniknij prawym przyciskiem myszy i wybierz “Oznacz jako wiadomość pożądaną”).
Odbierz bezpłatny pakiet 4 poradników
i 4 szkoleń e-learningowych RODO
4x4 - Odbierz bezpłatny pakiet 4 poradników i 4 szkoleń RODO
Administratorem Twoich danych jest ODO 24 sp. z o.o. z siedzibą w Warszawie (03-812) przy ul. Kamionkowskiej 45. Twoje dane są przetwarzane w celu świadczenia usługi biuletyn informacyjny na zasadach określonych w Regulaminie ŚUDE. Więcej informacji na temat procesu przetwarzania danych osobowych oraz przysługujących Ci praw uzyskasz w Polityce prywatności.
Administratorem Twoich danych jest ODO 24 sp. z o. o. >>>