Who is your favourite author?
On 14 April 2016 the European Parliament finally adopted the General Data Protection Regulation (GDPR), which comes into effect in two years' time, i.e. in May 2018. The Regulation will apply directly in Poland without having to be implemented by statute.
One of the main and most revolutionary amendments introduced by the GDPR is that the public authorities that control personal data processing in Member States (in Poland, the General Inspector for Personal Data Protection – GIODO) will now have the power to impose heavy fines on enterprises that fail to comply with the GDPR, with the highest fine being up to 4% of an enterprise's global turnover (though not more than EUR 20 million).
Under current regulations on sanctions for incompliant personal data processing GIODO only has the power to impose a coercive fine (up to PLN 200,000) by way of an administrative decision.
This change takes data processing to an entirely different risk level and processing in compliance with personal data protection regulations will become even more essential for enterprises.
Other key amendments involve application of a single law where a data controller operates in more than one EU country (one-stop shop), appointment of an Information Security Administrator, notification of personal data law breaches, creation of self-regulatory instruments and introduction of the obligation to protect personal data at product or service design level (privacy by default).
Full content of the legal alert is available in attached PDF.
From 25 May 2018 the General Data Protection Regulation (GDPR) applies in Poland and other European Union countries. We would therefore like to give you several details on the subject of how DZP processes personal data.
The administrator of the personal data is Domański Zakrzewski Palinka Sp.k. (“DZP”; address: Rondo ONZ 1, 00-124 Warszawa). Data are processed for contact purposes and to impart information on changes to provisions and authority practices and on other issues, including events concerning day-to-day legal, economic and cultural issues, inter alia, by sending DZP newsletters. The above is carried out on the basis of legitimate interests, i.e. in accordance with art. 6(1)(f) of the GDPR. Data can also be processed where necessary for the conclusion or performance of a contract and for compliance with a legal obligation to which DZP is subject, i.e. pursuant to art. 6(1)(b) and (c) of the GDPR. Data can be transferred to entities with whose help DZP achieves the indicated aims, including entities maintaining IT infrastructure. Giving data is voluntary and in contractual relations is a requirement for concluding and performing a contract. It is possible to object to data processing, request access to, rectification and erasure of personal data or restriction of processing and data portability. Data are kept until an objection is made, and in contractual relations – throughout the term of the contract and thereafter for a period specified in provisions on archiving and limitations period for claims. Anyone has the right to file a complaint with the President of the Personal Data Protection Office. Questions concerning privacy at DZP can be sent to DZP’s Data Protection Inspector, Macieja Maciejewskiego, at: firstname.lastname@example.org.
New rules on cookies: Domański Zakrzewski Palinka sp.k., as the service provider of the www.dzp.pl website, stores and accesses cookies, i.e. small text information fles sent by a web server and stored on your hard drive, or other data storage medium of a user, for the purposes of: proper functioning of the www.dzp.pl website, confguring the www.dzp.pl website, security and reliability of the www.dzp.pl website, session monitoring, providing advertisements, personalization of the displayed information to the user, or analysis, statistics, research and website trafc auditing.