The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services sector, as well as on the consumer sector, with particular attention to certain profiling activities taking place in stores and shopping malls.

The health sector inspections will be directed at healthcare professionals and clinics. The inspections will centre on the process of patient registration, the circumstances in which registration data is collected from patients, as well as the overall data security provided. The inspections will be conducted either by GIODO’s inspectors or by Data Protection Officers (ABI) registered with the GIODO.

The store inspections will focus on devices, particularly those carrying out video monitoring or CCTV, which are used by a growing number of companies in Poland to profile their customers. These surveillance systems not only count the number of customers visiting a store but also establish the gender and age of shoppers using facial recognition software.

In addition, the GIODO announced that they will conduct inspections into entities that access the Schengen Information System and Visa Information Systems, as well as Eurodac and Europol systems.