Despite 5 years of validity of GDPR, data administrators still do not fullfil their obligations connected with reporting the incidents to UODO. They also assess the incidents wrongly and do not classify them to be reported. The President of UODO points data administrators in his decisions and rulings for abnormalities in an incident assessment – writes Martyna Popiołek-Dębska on prawo.pl