Recently, the Polish regulator (UODO) published the updated list of processing operations that require a data protection impact assessment – a consequence of the EDPB’s objection to the original “black list” published by UODO back in 2018. Additionally, UODO prepared detailed guidelines on the duties of controllers in connection with data breaches under the GDPR, to be followed by controllers in case of data incidents. Read more about that in Magdalena Gad-Nowak’s post on the Data Privacy & Cybersecurity blog. The post also summarizes a very interesting, yet controversial, recent decision of the Supreme Administrative Court, which found that license plate numbers do NOT constitute personal data. Enjoy!