ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
DPO Challenges

Can the handling of personal data breaches and their notification by the DPO actually constitute a conflict of interest?

ANSWER

As the Polish Data Protection Authority (UODO) states in its latest guidance, Data Protection Officers are professional advisors who support controllers and processors in ensuring compliance with the GDPR. In order to properly perform their tasks, they must remain independent, and the scope of their responsibilities should be free from conflicts of interest.

According to UODO, DPOs should not document personal data breaches on behalf of controllers, particularly where this would involve determining the purposes and means of processing personal data or deciding on remedial measures.

Taking this into account, it may be cautiously assumed that documentation activities devoid of these elements, consisting solely of organizing and properly recording the information and circumstances provided by the controller, would not give rise to a conflict of interest. However, given UODO's current position, this interpretation carries a certain degree of risk.

Show all
PreviousNext

Read also:

12 March 2026

Jak wdrożyć UKSC / NIS2 - poradnik dla firm

12 March 2026

Jak wdrożyć KSC / NIS2 - poradnik dla firm

03 February 2026

Ocena skutków dla ochrony danych (DPIA) – praktyczny przewodnik + wzór formularza

Dr RODO - aplikacja do audytu i ryzyka

Diagnozuj zgodność i dbaj o odporność organizacji

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Can DPO breach handling create a conflict of interest? | ODO 24 | ODO 24