ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Incidents and Fines

Is it possible to report an incomplete breach to PUODO and subsequently forward further information to PUODO regarding the report?

ANSWER

Yes, the controller may spread the submission of information relating to the breach to the supervisory authority over time. This is expressly stated in Article 33(4) GDPR. However, it is essential that the so-called initial notification is made within 72 hours (tick box in point 1 of the breach notification form, in row no. 3 of column no. 2).

This can be done when we do not possess all the information necessary to submit the initial notification (complete the entire notification form). This is also confirmed by the President of PUODO in the guide "Controller obligations related to personal data breaches" (https://uodo.gov.pl/pl/134/1029 – p. 10 of the document) and by the Article 29 Working Party in its guidelines WP 250 (https://www.uodo.gov.pl/pl/10/12 – pp. 17–18 of the document).

Show all
PreviousNext

Read also:

12 March 2026

Kiedy nie zgłaszać naruszenia do UODO? Praktyczna analiza art. 33 RODO

06 March 2026

Za co Prezes UODO nakłada kary – podsumowanie wyników raportu

15 October 2025

Jakie kary za marketing telefoniczny bez zgody? Przykłady decyzji i kwoty

Szkolenia

Praktyczny kurs IOD (32h) online

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Initial breach notification to PUODO can be supplemented | ODO 24 | ODO 24