Who is your favourite author?
We would like to inform you that work on the new EU General Data Protection Regulation (GDPR) is coming to an end. We expect the official text of the GDPR to be adopted by the European Parliament at the turn of March and April 2016, which means that the regulation will take effect in the second quarter of 2018.
One of main and most revolutionary of the changes to be introduced by the GDPR is that public authorities which control personal data processing in Member States (in Poland, the Inspector General for Personal Data Protection – Generalny Inspektor Ochrony Danych Osobowych; “GIODO”) will be authorised to impose high fines on businesses that fail to comply with the GDPR. The highest fines could be as much as 4% of a business’s worldwide turnover (but no more than EUR 20 million).
Due to this change, the level of risk associated with personal data processing will change entirely, and compliance with personal data protection laws will become even more important for businesses. In the current legal framework, as regards penalties for non-compliant personal data processing, the GIODO is only authorised to impose a coercive fine (of up to PLN 200 thousand) if an entity fails to comply with an administrative decision issued by the GIODO, and may send a notice of a suspected offence to the public prosecutor’s office.
Other major changes will be the application of one law where a data controller operates in several Member States (“one stop shop”), the designation of a Data Protection Officer, the notification of breaches of personal data protection laws, the creation of self-regulatory tools, and the introduction of data protection by design requirements applicable upon the development of products and services (“privacy by default”).
We will keep you posted of other details.
Full content of the legal alert is available in attached PDF.
From 25 May 2018 the General Data Protection Regulation (GDPR) applies in Poland and other European Union countries. We would therefore like to give you several details on the subject of how DZP processes personal data.
The administrator of the personal data is Domański Zakrzewski Palinka Sp.k. (“DZP”; address: Rondo ONZ 1, 00-124 Warszawa). Data are processed for contact purposes and to impart information on changes to provisions and authority practices and on other issues, including events concerning day-to-day legal, economic and cultural issues, inter alia, by sending DZP newsletters. The above is carried out on the basis of legitimate interests, i.e. in accordance with art. 6(1)(f) of the GDPR. Data can also be processed where necessary for the conclusion or performance of a contract and for compliance with a legal obligation to which DZP is subject, i.e. pursuant to art. 6(1)(b) and (c) of the GDPR. Data can be transferred to entities with whose help DZP achieves the indicated aims, including entities maintaining IT infrastructure. Giving data is voluntary and in contractual relations is a requirement for concluding and performing a contract. It is possible to object to data processing, request access to, rectification and erasure of personal data or restriction of processing and data portability. Data are kept until an objection is made, and in contractual relations – throughout the term of the contract and thereafter for a period specified in provisions on archiving and limitations period for claims. Anyone has the right to file a complaint with the President of the Personal Data Protection Office. Questions concerning privacy at DZP can be sent to DZP’s Data Protection Inspector, Macieja Maciejewskiego, at: email@example.com.
New rules on cookies: Domański Zakrzewski Palinka sp.k., as the service provider of the www.dzp.pl website, stores and accesses cookies, i.e. small text information fles sent by a web server and stored on your hard drive, or other data storage medium of a user, for the purposes of: proper functioning of the www.dzp.pl website, confguring the www.dzp.pl website, security and reliability of the www.dzp.pl website, session monitoring, providing advertisements, personalization of the displayed information to the user, or analysis, statistics, research and website trafc auditing.