Protection of Personal Data
Every entrepreneur processes some kind of personal data. Owing to the fast technical progress and globalization, this process has been more and more dynamic and it has had an ever growing framework of application. New possibilities pose new challenges and growing threats when it comes to personal data protection including in terms of cyber safety.
Frequently Asked Questions
Legal provisions impose a number of obligations on entrepreneurs connected with processing of personal data i.a.:
- the obligation to assure relevant technical and organization means to protect personal data (the requirement of possession i.a. of the documentation strictly described in the provisions),
- the obligation to entrust the processed data by way of a written agreement (e.g. to an external accounting office), or
- the obligation to register the data collection (e.g. re clients) with the Inspector General for Personal Data Protection.
In some particular cases the entrepreneur will also be obliged to obtain an Inspector General’s permit to pass on personal data to countries outside of the European Economic Area.
In case of non-observance of the obligations concerning personal data protection, the entrepreneur or any persons acting on behalf of the entrepreneur (e.g. management board members) may be subject to penal liability (penalty fee, penalty of limitation of liberty or imprisonment) and administrative liability.
Additional legal requirements arise if an entrepreneur conducts business activity via the Internet: for instance, in case of conduct of sale or other electronic services via the Internet, sending newsletters or conducting other marketing activities
Enterprise secret and cyber safety
Appropriate actions taken by an entrepreneur within the scope of personal data protection will also have an indirect positive influence on protection of that entrepreneur’s enterprise and it will affect the ensuring of the so-called cyber safety in the broad sense of that phrase.
From 25 May 2018 – very high penalties for breaching the provisions
In 2018 the regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (…) will come into force. The provisions stipulate a possibility to impose administrative financial penalties and their explicit enforcement. The penalties for breaching the provisions concerning in particular the basic rules of processing data or rights of persons whom such data concern may even be as high as 20 million EUR and in case of enterprises up to 4% of the total annual global trade from the previous financial year; it will be always the bigger of the amounts which will be applicable. The provisions of the regulation will be applied directly in all member states from 25 May 2018.
In relation to the above, we recommend that you conduct an analysis of issues concerning personal data protection in your enterprise and come up with a strategy. Within the scope of personal data protection, we recommend periodical application of the rule analyse – plan – act.
Our law office offers legal services to entrepreneurs in relation with personal data protection i.a. within the following scope:
- legal audit concerning observing legal requirements within the scope of personal data protection,
- development of means ensuring personal data protection which include documentation connected with personal data processing i.e. safety policy and IT system management instruction,
- entrusting personal data processing to other entities,
- notification and updating personal data collections with the Inspector General for Personal Data Protection („GIODO”),
- passing on personal data to third countries (e.g. USA)
- personal data protection rules and obligations binding the providers who are connected with rendering services by electronic means.