Past event

Processing personal data within a capital group - TMT policy group meeting

On 23 April, the BPCC's Technology, Media and Telecoms policy group met at the British Polish Business Centre to discuss issues surrounding the processing of personal data within a group of firms. The subject is of particular interest to multinational firms with operations in Poland, headquarters in another country, and data processing centres in a third.

The meeting, at which the keynote speaker was Dr Wojciech Wiewiórowski, head of Poland's personal data protection agency GIODO, was organised in collaboration with law firm SSW Spaczyński, Szczepaniak and Partners, and followed on from a similar event held last October. Once again there was a great deal of interest from members, with additional chairs having to be brought into the hall.

The meeting was opened with a presentation setting out the key issues surrounding the way that personal data is processed within a group. This was led by Dr Joanna Tomaszewska, a solicitor and partner in SSW. Ms Tomaszewska emphasised that each companies within the group requires a separate data controller, and thus one is required to meet the obligations arising from data protection regulations in that country. She also drew attention to the different status and relationships of entities that process data within the group, as well as the different ways in which personal data is transferred within the group.

Dr Wiewiórowski stressed that new regulations will soon come into force at national and European level, saying that the exchange of personal data within a group takes place as if it were a completely foreign entity and stressed that the possibility of data processing within the group as a whole is primarily determined by the purpose. He highlighted the role of binding corporate rules (BCRs) within the group of companies for the purpose of transfer of personal data.

The final presentation was from Paweł Pętlicki from IT services company Atende and covered the practical aspects of security related to the processing of personal data in cloud computing. The panel ended with a lively question and answer session.