Tag Archives for "Poland"

Fine for processing students’ fingerprints imposed on a school

The President of the Personal Data Protection Office imposed a fine of PLN 20 000 for a breach consisting in the processing of children's biometric data when they used the school canteen.

The school processed special categories of data (biometric data) of 680 children without a legal basis, although it could have used other forms of student identification.

Source: Fine for processing students’ fingerprints imposed on a school

The Polish supervisory authority imposed first administrative fine on a public entity

The President of the Personal Data Protection Office (“The President of the Office”) imposed the first administrative fine of PLN 40,000 on a public entity for failure to comply with the GDPR.

The reason for imposing the fine was that the mayor of the city did not conclude a personal data processing agreement with the entities to which he transferred data.

Apart from the financial penalty, the President of the Office also ordered the controller to take action to remedy the relevant infringements within 60 days.

Source: The Polish supervisory authority imposed first administrative fine on a public entity

Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

The President of the Personal Data Protection Office imposed a fine of more than PLN 2.8 million (ca. 645,000 euros) on Morele.net.

The company’s organisational and technical measures for the protection of personal data were not appropriate to the risk posed by the processing of personal data, with the result that the data of about 2.2 million people fell into the wrong hands.

Source: Polish DPA imposes €645,000 fine for insufficient organisational and technical safeguards

Further changes in data protection laws in Poland

On 4 May 2019, further amendments to the rules on processing personal data will come into force. They concern over 150 legal statutes and refer to both the private and public sector.

Below we present the most important changes in the legal statutes that will be significant for the majority of companies: the Labour Code, the Act on Electronic Provision of Services (AEPS), the Telecommunications Law and the Personal Data Protection Act. Other laws with significant changes include the Banking Law (e.g. with respect to providing written explanations on the conclusions of the assessment of clients’ creditworthiness and decisions based solely on automated processing, including profiling) and the Penal Code.

Full article: Further changes in data protection laws in Poland

Why you should pay close attention to the Polish DPA’s first GDPR fine

The Polish data protection authority’s first post-General Data Protection Regulation-era decision, and its first fine, raise questions about the GDPR’s retroactive applicability, transparency, procedural justice and legal competence.

Full article: Why you should pay close attention to the Polish DPA’s first GDPR fine

First fine imposed by the Polish privacy watchdog

The President of the Personal Data Protection Office (UODO) imposed its first fine, in the amount of PLN 943 000 (around €220 000), for failure to fulfil the information obligation.

The decision of the UODO’s President concerned proceedings related to the activity of a company which processed data subjects’ data obtained from publicly available sources, inter alia from the Central Electronic Register and Information on Economic Activity, and processed the data for commercial purposes. The authority verified non-compliance with the information obligation in relation to natural persons conducting business activity: entrepreneurs who are currently conducting such activity or have suspended it, as well as entrepreneurs who conducted such activity in the past.

The controller fulfilled the information obligation by providing the information required under Art. 14 (1) – (3) of the GDPR only in relation to the persons whose e-mail addresses it had at its disposal. In the case of the remaining persons, the controller failed to comply with the information obligation, as it explained in the course of the proceedings, due to high operational costs. Therefore, it presented the information clause only on its website. In the opinion of the President of the Personal Data Protection Office, such action was insufficient.

Source: First fine imposed by the President of the Personal Data Protection Office | European Data Protection Board

Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

The Polish Ministry of Digital Affairs recently issued an EU General Data Protection Regulation guidebook addressed to financial technology companies.

This is the third brochure published by the MDA’s Personal Data Protection Working Group this year, following one pertaining specifically to the health care sector and another one aimed generally toward entrepreneurs.

Source: Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

EU DPAs urged to act against online ad auctions

Panoptykon Foundation, the Warsaw-based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave.

Together, the complainants in Ireland, Poland, and the UK have also filed new evidence today with the national data protection authorities of Ireland, Poland, and the United Kingdom that reveals how ad auction companies, including Google, unlawfully profile Internet users’ religious beliefs, ethnicities, diseases, disabilities, and sexual orientation.

Full article: Update on GDPR complaint (RTB ad auctions)

Polish DPA’s guidance on data protection in the workplace partially “controversial”

The Polish data protection authority (‘UODO’) issued, on 4 October 2018, guidance for employers on data protection in the workplace, under the General Data Protection Regulation (‘GDPR’), following a public consultation on the same. In particular, the Guidance focuses on the processing of employee data during recruitment, selection and the employment period, and distinguishes between different types of employment contracts, such as those concerning temporary and permanent workers.

Full article: Poland: UODO’s guidance on data protection in the workplace partially “controversial”
