GDPR: personal data can again flow freely from EU to US
In July, the European Commission adopted a key decision establishing the EU-US Data Privacy Framework. Its main aim is to ensure that personal data flowing into the US are protected in a way that is comparable to that guaranteed by EU countries. The…
The Office for Personal Data Protection advises data controllers on personal data protection impact assessment
The General Data Protection Regulation (GDPR) has introduced a new obligation for data controllers: to carry out a data protection impact assessment (DPIA). The obligation concerns the processing of data that involves a high risk of impacting the…
Detailed guidance on consent under GDPR
At the beginning of May 2020, the European Data Protection Board (formerly the Article 29 Working Party) issued new guidelines on obtaining and proving consent with personal data processing from data subjects, supplementing the existing Article 29…
Prevention of COVID-19 at the workplace and personal data processing
Under the current stressful conditions, most businesses struggle with the most critical issues such as the restriction of demand and the protection of the health of their employees. But even during difficult times, they must not forget their…
Access to workplace with fingerprint or face recognition? Office for Personal Data Protection to prepare legislation
Technologies processing the biometric data of employees are spreading. The use of fingerprints or face recognition to check workplace attendance is becoming increasingly frequent. The GDPR, however, only allows for very limited processing of…
Personal Data Protection Office imposes first fines for GDPR breaches
With the adoption of the General Data Protection Regulation (GDPR) has come considerable uncertainty among personal data controllers and processors as to the amount of penalties to be imposed by the Personal Data Protection Office for its breaches.…
Office for Personal Data Protection imposes fine for excessive keeping of copies
Last year, the Office for Personal Data Protection dealt with a case of an employer who kept excessive copies of employee documents. This is common practice among employers who, for safety’s sake make copies of all such documents. Nevertheless, this…
Personal Data Protection Office on when to perform a DPIA
When does it become necessary to carry out a data protection impact assessment? The Personal Data Protection Office attempts to answer this question with its List of Types of Personal Data Processing Operations Subject to Data Protection Impact…