Personal data protection: Are you ready for GDPR compliance?

24.04.2017

On 25 May 2018, the legislation on personal data protection will change due to the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

The Regulation changes, among other things, the scope of personal data that are subject to protection. The practice of profiling persons will also be regulated. The catalogue of sensitive data will be extended to include genetic data, biometric data and data concerning health. Consent to the processing of data will have to specify the purpose for which the data are processed. A single general statement, as used so far, will not suffice. When the purpose of the processing is to be changed, the data controller will have to seek additional consent from the data subject.

Each data controller will have an obligation to bring any personal data breach to the attention of the supervisory authority and to notify the affected data subject accordingly.

The Regulation also clarifies its territorial scope by applying to services rendered within the European Union. Under its current wording, global players such as Facebook or LinkedIn are also obliged to comply with the new Regulation.

GDPR also regulates the protection of personal data of persons without capacity for legal acts. The use of online services, including social networks, by children below the age of 16 years will only be lawful if consent is given by the parents or legal guardians of the child. GDPR provides, though, that member states may set a lower age for those purposes as long as such lower age is not below 13 years. Poland is likely to take advantage of this opportunity, as the draft personal data protection law drawn up by the Ministry of Digital Affairs provides for the mandatory consent of a parent or a guardian for the processing of personal data of a person below the age of 13 years.

The status of the entity supervising personal data on behalf of the controller will also change. Once GDPR enters into force, the data will be supervised by a Data Protection Officer, who will enjoy greater powers than those of the Information Security Administrator. The Regulation also provides for the appointment of the European Data Protection Supervisor and the establishment of the European Data Protection Board.

An important novelty for all data controllers is that the supervisory authority may impose penalties for a failure to implement the regulations on personal data protection. Depending on the type of infringement, the fines may be up to EUR 10 or 20 million or the equivalent of 2% or 4% of the total annual turnover. The entry into force of GDPR on 25 May 2018 means that as of that day all activities of personal data processors must be compliant with it. Such was the purpose of the 2-year period of vacatio legis. That is why so many businesses now focus on getting to know the new law and achieving full compliance by 25 May 2018.

 

Sylwia Składzień
Legal adviser/Junior Associate
Employment Department
sskladzien@tgc.eu
