Protection of Personal Data
Everyone processes personal data. However, not everyone is aware of the risk, their rights, and obligations related to it.
Owing to the fast technical progress and globalization, this process has been more and more dynamic and it has had an ever growing framework of application. New possibilities pose new challenges and growing threats when it comes to personal data protection including in terms of cyber safety. Moreover, legal provisions (e.g. GDPR) may cause additional dismay and fears.
If you are interested in cooperation with our law office, please contact us!
Legal provisions impose a number of obligations on entrepreneurs connected with processing of personal data i.a.:
- the obligation to assure relevant technical and organization means to protect personal data,
- the obligation to entrust the processed data by way of an agreement or other legal instrument (e.g. to an external accounting office), or
- the obligation to provide information in case of the personal data collection or acquisition.
The GDPR provisions breach concerning personal data protection is subject to i.a. severe pecuniary penalties. The penalties may reach as much as EUR 20 million and in case of an enterprise they may reach up to 4% of its total annual worldwide turnover for the previous financial year, whereby a higher sum shall be applicable.
Additional legal requirements arise if an entrepreneur conducts business activity via the Internet: for instance, in case of conduct of sale or other electronic services via the Internet, sending newsletters or conducting other marketing activities
Enterprise secret and cyber safety
Appropriate actions taken by an entrepreneur within the scope of personal data protection will also have an indirect positive influence on protection of that entrepreneur’s enterprise and it will affect the ensuring of the so-called cyber safety in the broad sense of that phrase.
In relation to the above, we recommend that you conduct an analysis of issues concerning personal data protection in your organization and come up with a strategy including in emergency cases (e.g. loss of an unencrypted information carrier with personal data of employees/clients).
Within the scope of personal data protection, we recommend periodical application of the rule: analyse – plan – act.
Our law office supports its clients i.a. within the following scope:
- issues concerning personal data of employees (i.a. monitoring of employees, adjusting employee documents in regard to GDPR, notifications concerning employees’ data breach to the President of the Personal Data Protection Office),
- legal audit concerning observing legal requirements within the scope of personal data protection (i.a. assistance in a data protection impact assessment) and implementation,
- development of means ensuring personal data protection (i.a. documentation connected with personal data processing),
- entrusting personal data processing to other entities,
- passing on personal data, including to third countries (e.g. USA, Japan),
- trainings and workshops.