The General Data Protection Regulation (RODO) is a legal act of the EU that is mandatory for all member states of the European Union. The regulation concerns the rules for processing, using, and storing personal data. Some of these rules have been in place since May 24, 2016, while others came into force on May 25, 2018. Everyone who has lived or done business in Poland for more than three years remembers the endless emails asking them to accept the new RODO rules.
What Does the Use of Personal Data Mean?
Personal data is information about an individual that allows them to be identified. In addition to the name and surname, other information may be requested, such as:
- Identification number (PESEL),
- Location,
- Internet identifier,
- And other information that allows you to be identified as an individual.
RODO is Regulated by the EU
RODO was adopted in April 2016 by the European Parliament and the Council of the European Union.
Who Does RODO Apply to?
All companies that collect and then use information about individuals are required to comply with the regulation. This most commonly concerns personal data of employees and clients of the company. The provisions of the regulation apply to large corporations, individual entrepreneurs, and online stores. If you have a company in Poland or are an entrepreneur, you need to invest time in creating and optimizing your RODO process in Poland.
What Entrepreneurs in Poland Need to Know About RODO
Every entrepreneur is required to comply with the principles of personal data protection. To this end, they must choose appropriate organizational and technical measures that allow personal data to be properly stored. Unfortunately, the provisions of the regulation do not specify what exact solutions should be implemented to protect personal data. It is only known that everything must comply with RODO.
The average cost of drafting the regulation ranges from 3500 PLN (€850) to infinity.
One of our clients paid €7000 for the regulation for their startup. You can find templates and contact lawyers for customization according to your specific needs and requirements.
Principles of RODO
Compliance with the General Data Protection Regulation rests on the following principles:
- Adequate protection of stored personal data,
- Providing clients with information about the processing of their personal data, as well as allowing them to review any changes,
- Obtaining consent to use personal information,
- Keeping records of data processing,
- Implementing the principle of confidentiality by default — this means introducing measures (technical and organizational) that allow processing only the data necessary for a specific operation,
- Notifying the supervisory authority of data security breaches (known as the notification obligation), which must be done within 72 hours from the occurrence of an event that breaches security,
- Providing documentation at the request of the supervisory authority that proves compliance with the law,
- Storing documents that confirm who gave consent for the processing of personal data, when, and to what extent.
The provisions of the regulation include obligations that entrepreneurs and all companies processing and managing personal data must comply with.
For any questions related to business in Poland, please contact Uniconsulting.group.