The event, co-organised with law firm SSW, was attended by a representative of the Polish data protection office GIODO. Nearly one hundred representatives of leading Polish and foreign companies, mostly BPCC member companies, were present at the event.
Dr Joanna Tomaszewska, legal advisor and partner responsible for the practice of data protection at SSW, and Piotr Drobek, deputy director of the Department of Social Education and International Cooperation of GIODO, spoke about the revolutionary nature of the forthcoming changes in this field. The new Regulations will be directly applicable throughout the EU, without the need for implementation into national law,
Dr Tomaszewska set out the provisions of the proposed EU Regulation on personal data from the point of view of their impact on the way that businesses processes data. She stressed that the changes concern the entire philosophy of data protection - a strict registration-based approach for risk assessment, in which businesses must use all available tools, mechanisms and codes of good practice required by the Regulation. A one-stop-shop principle will be introduced, according to which a business's data controller should be supervised by a single national data protection authority, even if the business operates across many EU countries. Stricter requirements in the approach to obtaining consent will be introduced. Consent must be given freely, and the fact that sensitive data will be transfered to a third country and processed there should be made very clear. The law will be a fully harmonised Regulation of general scope, involving all Member States. Solutions related to the protection of personal data will result in an obligation to care for the privacy from the very outset - the concepts of privacy by default and privacy by design.
Mr Drobek pointed out that although the Regulation introduces new responsibilities and new standards, it is more liberal than Poland's current law on personal data protection. He noted that the upcoming changes will also require the revision of other special laws relating to personal data in force in Poland; in cases of conflict between the provisions of the Regulation and other laws, the Regulation will prevail. He listed these changes which will be the most important in Poland. Among them are the right to be forgotten, provisions relating to data processing in the context of employment, data profiling and the transmission of data to third countries.
Though the regulation will not enter force before the spring of 2018, businesses must take steps now to prepare for the upcoming changes, implementing the mechanisms for managing information. Companies that do so now will be able to avoid the severe financial penalties foreseen for regulatory non-compliance.
Presentations delivered at the event are available for download (in Polish only).