ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Documentation and Procedures

Can a Data Controller Authorise an Employee to Grant Permissions to Process Personal Data?

ANSWER

As a general rule, authorisations to process personal data on behalf of the data controller are granted by the controller itself. In the case of a limited liability company (sp. z o.o.) acting as a data controller, responsibility for granting authorisations rests with the management board, in accordance with the representation rules entered in the National Court Register (KRS).

The GDPR does not prohibit the authorisation of another person — such as a commercial proxy (prokurent), an employee of the company, or the Data Protection Officer — to grant authorisations to process personal data on behalf of the controller. Nevertheless, the data controller, i.e. in this case the company represented by the president of the management board, should formally authorise a specific person (employee) to grant the relevant data processing permissions on its behalf.

Show all
PreviousNext

Read also:

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

29 May 2026

Kontrola służbowej poczty e-mail pracownika a tajemnica przedsiębiorstwa - kiedy pracodawca może legalnie przejrzeć skrzynkę?

14 May 2026

Czy pracodawca może opublikować zdjęcie pracownika? Wykorzystanie wizerunku pracownika na gruncie RODO i prawa autorskiego

Szkolenia

Dla IOD i pracowników - otwarte, zamknięte, e-learning

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Who May Grant Permissions to Process Personal Data? | ODO 24 | ODO 24