By · Last updated 2026-06-05


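Poland's UODO: PESEL, NIP and RODO Compliance

UODO found that 89% of deployed tools fail to detect Polish PESEL numbers correctly. Poland processes 2.3 million EU customer records every day. PESEL checksum validation and NIP explained.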

June 5, 2026 · 7 min read
Poland UODO · PESEL validation · Polish RODO compliance · NIP REGON detection · BPO GDPR


Updated for 2026

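What is UODO?

UODO is Poland's data protection authority. Its full name is Urząd Ochrony Danych Osobowych (Personal Data Protection Office), and it enforces RODO, the Polish name for the GDPR.

In 2024 the authority carried out an enforcement investigation with a striking conclusion: 89% of the PII tools used by Polish organisations failed to detect PESEL numbers correctly.

Poland is a major European business process outsourcing (BPO) hub, processing 2.3 million EU customer records every day. This detection gap creates real risk that affects not only UODO's jurisdiction but also the regulator of every EU member state whose data is processed by Polish providers. For broader context, see our GDPR compliance guide.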

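PESEL: the technical standard

PESEL stands for Powszechny Elektroniczny System Ewidencji Ludności (Universal Electronic System for Registration of the Population). It is an 11-digit national identification number that encodes five data fields:

  • Digits 1–2: last two digits of the birth year
  • Digits 3–4: birth-period code (see below)
  • Digits 5–6: day of birth
  • Digits 7–10: sequential serial number (odd = male, even = female)
  • Digit 11: check digit

The check digit uses a weighted-sum algorithm: multiply the first ten digits by the weights (1, 3, 7, 9, 1, 3, 7, 9, 1, 3), sum the products, and take the result modulo 10. A result of zero passes the check; a non-zero result means the number is invalid.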

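The birth-period code problem

Digits 3–4 encode both the birth period and the century. Regulators require tools to support all five ranges:

| Century | Code range |
|---------|------------|
| 1800s   | 81–92      |
| 1900s   | 01–12      |
| 2000s   | 21–32      |
| 2100s   | 41–52      |
| 2200s   | 61–72      |

Most tools handle only the 1900s range and miss everyone born after 1999, for whom codes 21–32 replace the 01–12 range. That affects precisely the most digitally active age group. Validation that supports all five ranges is a core compliance requirement.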
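The checksum and the five century ranges described above, combined into one validator and text scanner; this is an added example, not code from the original page. It assumes the standard PESEL rule that the check digit is added to the weighted sum before the mod-10 test and that digits 3–4 hold the birth month plus a per-century offset; the function names and the sample text are constructed for illustration.

```python
import re
from datetime import date
from typing import Optional

WEIGHTS = (1, 3, 7, 9, 1, 3, 7, 9, 1, 3)
# Offset carried in digits 3-4 -> century, per the five ranges in the table above.
CENTURY_BY_OFFSET = {80: 1800, 0: 1900, 20: 2000, 40: 2100, 60: 2200}
# Exactly 11 ASCII digits that are not part of a longer digit run.
CANDIDATE = re.compile(r"(?<![0-9])[0-9]{11}(?![0-9])")

# Constructed sample text (not real records): 1900s, 2000s and 1800s numbers,
# one bad check digit, and one with a valid checksum but month code 13.
SAMPLE = ("id 44051401359; minor 02270801233; archive 99923100014; "
          "typo 44051401358; junk 44131401350")

def checksum_ok(pesel: str) -> bool:
    """Weighted sum of digits 1-10 plus the check digit must be 0 mod 10."""
    digits = [int(c) for c in pesel]
    return (sum(w * d for w, d in zip(WEIGHTS, digits)) + digits[10]) % 10 == 0

def birth_date(pesel: str) -> Optional[date]:
    """Decode digits 1-6 across all five century ranges; None if impossible."""
    yy, code, dd = int(pesel[0:2]), int(pesel[2:4]), int(pesel[4:6])
    offset, month = (code // 20) * 20, code % 20
    if offset not in CENTURY_BY_OFFSET or not 1 <= month <= 12:
        return None
    try:
        return date(CENTURY_BY_OFFSET[offset] + yy, month, dd)
    except ValueError:  # day does not exist in that month, e.g. 31 February
        return None

def validate_pesel(pesel: str) -> Optional[date]:
    """Return the encoded birth date if format, checksum and date all hold."""
    if not re.fullmatch(r"[0-9]{11}", pesel) or not checksum_ok(pesel):
        return None
    return birth_date(pesel)

def find_pesels(text: str) -> list:
    """Scan free text; keep (number, birth date) for candidates that validate."""
    found = [(m.group(), validate_pesel(m.group())) for m in CANDIDATE.finditer(text)]
    return [(number, born) for number, born in found if born is not None]

if __name__ == "__main__":
    for number, born in find_pesels(SAMPLE):
        print(number, born.isoformat())
```

A detector that only accepts month codes 01–12 would drop the second and third sample numbers even though both carry a correct check digit.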

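NIP and REGON: business identifiers

NIP (taxpayer identification number) is a 10-digit tax identification number that appears on invoices, contracts and payroll records. To validate it, multiply the first nine digits by the weights (6, 5, 7, 2, 3, 4, 5, 6, 7) and take the sum modulo 11 to obtain the check digit.

NIP comes in two forms: the individual NIP (NIP osoby fizycznej) and the business NIP (NIP podmiotu).

REGON is the business statistical number. It exists in 9-digit and 14-digit versions, each with its own checksum algorithm, and appears in contracts and supplier documents.

HR records usually contain PESEL, NIP and REGON together, so full compliance requires detecting all three types. For details on technical security measures, see our security compliance page.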

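Multi-jurisdiction exposure for BPOs

Polish BPO companies process data for Western European clients:

  • German bank customer records processed in Warsaw
  • French insurance claims processed in Kraków
  • UK healthcare data managed by back-office teams in Wrocław

A single detection failure can bring accountability before four regulators at once:

  1. UODO: for inadequate safeguards for Polish data subjects
  2. BfDI / state data protection authorities: for German citizens' data
  3. CNIL: for French citizens' data
  4. ICO: for UK citizens' data

Cross-border compliance requires tooling that covers the full set of EU identifiers. PESEL, NIP and REGON are the local baseline; when the relevant records are in scope, German tax IDs, the French NIR and the Dutch BSN must be included as well. Each national identifier has its own format and validation logic, and missing any one of them leaves a compliance gap. For entity coverage by member state, see our multilingual PII detection guide.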
