Ensuring occupational safety and protecting employees’ health have been of the utmost importance for many employers over the past few weeks. With the rapid spread of Covid-19, employers were forced to adopt strict preventive measures to ensure a safer working environment within their workplaces. While the most obvious solution was the adoption of home office … Continue Reading
Poland’s Ministry of Digital Affairs and the Chief Sanitary Inspectorate have launched ProteGO, one of EU’s first official COVID-19 tracking applications. The Minister of Digital Affairs, Marek Zagórski, has been quoted as saying that his ultimate objective is for every smartphone user in Poland to use the app.… Continue Reading
Here are the most frequently asked questions regarding personal data processing in the context of employment which have not been explicitly addressed in the supervisory authority’s statement on data processing in light of the coronavirus pandemic (mentioned in our previous post). Our answers draw on core data protection rules, binding labour law provisions, Chief Labour … Continue Reading
Polish Supervisory Authority’s Guidance On March 12, the Polish supervisory authority (the President of the UODO) issued a statement on data processing in light of the coronavirus pandemic. This statement (available in Polish here) is short on certain details and it is, therefore, of little guidance. It is silent on particular questions which have plagued … Continue Reading
Recently the Polish regulator (UODO) published the updated list of processing operations which require a data protection impact assessment – the consequence of the EDPB’s objection to the original “black list” published by UODO back in 2018. Additionally, UODO prepared detailed guidelines on the duties of controllers in connection with data breaches under the GDPR, … Continue Reading
On March 26, 2019, the Polish Data Protection regulator (Urząd Ochrony Danych Osobowych – UODO) announced the first administrative fine imposed on a Warsaw-based company for failure to meet the informational obligation toward the data subjects whose data it processed, in violation of article 14 of the General Data Protection Regulation (GDPR). The fined company … Continue Reading
On 24 January 2019, the Personal Data Protection Office (UODO) published a sectoral inspection schedule for 2019. According to the schedule, as approved by UODO’s President, the inspections will aim at verifying the legitimacy of personal data processing in the following private sectors: telemarketing, data brokers (as regards legal grounds for personal data processing) and … Continue Reading
On 15 January 2018, the Ministry of Digital Affairs (Ministry) held a conference to summarize the outcome of a public consultation on Poland’s draft GDPR implementation law. The consultation invited all citizens and entrepreneurs to express their opinion on the draft law on the protection of personal data, which was released by the Ministry on … Continue Reading
On 14 September 2017, a draft of the new Personal Data Protection Act “implementing” EU General Data Protection Regulation (the “PDPA Draft”) was published as well as a draft amending numerous sectoral laws (“Amending Act Draft”). As announced by the Minister for Digitization, the drafts are to be subject to extensive public consultation. Here are … Continue Reading
At the end of August 2017, legislative work has started to set out principles of checking clean criminal records of applicants for employment in the entities of the financial sector. A list of entities that will benefit from the law covers, inter alia, banks, international financial institutions, insurers, the Polish Export Credit Agency (KUKE), insurance … Continue Reading
In a globalized world, the ability to transfer data between organizations located in different parts of the world is of the utmost importance. The EU Data Protection Directive (GDPR), which will apply from 25 May 2018, governs the international transfer of personal data. Data Transfer Within the EU The free exchange of personal data between … Continue Reading
Within the vast range of changes implemented by the General Data Protection Regulation (GDPR), the scope of consent is mentioned as one of the most controversial. GDPR lists several basis for personal data processing, including consent of a data subject or legitimate business purpose of a data controller. Here we present a brief overview of … Continue Reading
On 28 March 2017, the Ministry of Digital Affairs (the “Ministry”) presented a preliminary draft of some of the provisions of the new Personal Data Protection Act. The remaining part of the Act that is not included in the presented project – which concerns regulations on the new data protection authority’s system position, transitional rules, … Continue Reading