FORMAL ANSWER

The purpose of an inspection by a Polish DPA inspector is to establish the factual state of affairs regarding compliance with personal data protection provisions by the entity under inspection and to document the findings made. Inspection activities (so-called on-site inspections) are carried out at the headquarters of the entity under inspection and at another location (e.g. in organisational units) indicated as an area where personal data are processed. Both public sector entities and private entities that should apply personal data processing principles are subject to inspection. An inspection ends with the preparation and signing of a report.

PRACTICAL ANSWER

Most inspections by the President of the Polish DPA result from a complaint about data processing, although there are also numerous ex officio checks of specific sectors. GDPR provisions do not specify the duration of an inspection. From experience, we can say that an inspection by the President of the Polish DPA may last from one day to as long as a week. The length of an inspection is influenced by its subject-matter scope (whether it covers the entire organisation or only a selected department/issue) and the complexity of the activities carried out from the perspective of personal data processing operations.

MORE:

• You can find more information in the article: Let's welcome our guests – inspection