Blog

Data protection

Sector audit plan: How to prepare for the audit carried out by the President of the PPDPO?

The President of the Polish Personal Data Protection Office has published the annual sector audit plan for 2024. Entities processing personal data using Internet (web) applications and private entities in the extent of fulfilling information obligations under Articles 13-14 of the GDPR should be prepared for the audit.

Cybersecurity
Data protection

The Digital Services Act (DSA) and combating disinformation – 10 key takeaways

The scale of online disinformation is widely considered to be one of the most important challenges in terms of providing users with a “safe, predictable, and trusted online environment”.

Data protection

The European Commission has issued a decision on the adequate level of protection under the EU-US Data Privacy Framework

The Commission’s decision of 10 July, 2023, on the adequate level of protection of personal data under the EU-US Data Privacy Framework restores legal certainty for businesses that transfer personal data to US-based entities in the course of their activity.

Data protection

DPA decisions imposing administrative fines annulled

Two of the most severe fines ever imposed by the President of the Personal Data Protection Office (DPA) for violations of the General Data Protection Regulation (GDPR) have been overturned in court proceedings. In both cases, the fines concerned a failure to implement adequate safeguards for personal data protection.

Data protection

The GDPR and new technologies law – the ten most significant trends and legislative developments in 2023

Data protection

Privacy issues in new rules on remote work and sobriety checks

New rules on remote work and sobriety checks at the workplace will soon be adopted. Employers will be required to adopt internal regulations on remote work and a procedure for the protection of personal data when work is performed  remotely. As for sobriety checks, employers will need to add sobriety check rules to work regulations and will be allowed to collect limited employee data in this respect.

Data protection

The Polish DPA fines a controller for not verifying a processor and for not concluding a data processing agreement

In September, the Polish DPA issued a decision fining a controller (a cultural institution) PLN 2500 for engaging a processor without concluding a data processing agreement in writing and without verifying whether the processor provided sufficient guarantees for the implementation of appropriate technical measures.

Data protection

Data controllers have to verify processors under GDPR – some remarks on Fortum case

In a decision of 19 January 2022, the President of the PDPO placed an administrative fine of PLN 4 911 732 on Fortum Marketing and Sales Polska SA as a controller, and PLN 250 135 on PIKA sp. z o.o. as a processor. In this case, the President of the PDPO imposed the highest fine yet imposed on a controller. This is an important decision both for users of outsourcing services and service providers.

Data protection

Is the Polish DPA competent to adjudicate matters concerning incidents that occurred prior to 25 May 2018?

The NSA has issued a judgment on the competence of the President of the PDPO to adjudicate matters concerning incidents that occurred prior to 25 May 2018.

Data protection

A former employee is not a trusted data recipient – the Polish DPA ruling in the Santander Bank Polska SA case

The President of the PDPO has imposed an administrative fine on Santander Bank Polska SA of PLN 545 000 for a breach of article 34(1) of the GDPR. The President of the PDPO stated that a former employee is not a trusted data recipient and that although the persons affected by this breach are not specifically defined, this does not hinder compliance with article 34 of the GDPR.

Data protection

Sectoral inspections planned by the President of the Personal Data Protection Office in 2022

Data protection

Legal uncertainty over collection of information on vaccination against COVID-19 by employers