You, as an employee of the Organization, must contact the designated Data Protection Officer using the contacts specified above in the following cases:
- a human error has occurred and as a result personal data may have been lost. For example, personal data has been forwarded to a different addressee than the one for which it was intended; documents containing personal data have been left in a place other than the one intended for storage; portable/mobile devices containing personal data have been lost, etc. The Data Protection Officer will advise you on what to do urgently in such a case.
- a different data security breach has occurred. For example, personal data has been stolen, you cannot access your customer database, personal data has been illegally changed, etc. The Data Protection Officer will advise you on what actions to take first.
- a natural person has submitted a request and is requesting the exercise of his or her rights as a data subject (e.g., access to personal data, erasure of personal data, etc.). The Data Protection Officer will assist in preparing a response.
- immediately report any suspicious situation that may pose a threat to the security of personal data. The Data Protection Officer will advise you on what action to take.
- if you notice that new personal data is being collected or processed that is not listed in the register of data processing activities, or if you reasonably believe that it is necessary to process such personal data. The Data Protection Officer will advise you on your obligations in this situation.
- you are dealing with issues related to the protection and processing of personal data, or that may affect the protection and processing of personal data. The Data Protection Officer will provide his opinion on how to do this properly.
- you are preparing legal acts regulating the processing and/or security of personal data. The Data Protection Officer will review them and provide his observations.
- you have received a letter from the State Data Protection Inspectorate. The Data Protection Officer will help you prepare a response.
- a third party has contacted you and asks you to provide personal data. The Data Protection Officer will advise you on whether such a request can be carried out and what criteria to follow when assessing its lawfulness and validity;
- your Organization’s personal data processing activities change. The Data Protection Officer will advise you on what actions to take.
- you anticipate that other information related to the Organization’s personal data processing may change (e.g. the personal data processed, the purposes of processing, the lawful conditions for processing personal data may change). The Data Protection Officer will advise you on how to properly record this, who to notify, etc.
