Nov, 15th, 2010
CHANGES IN POLISH DATA PROTECTION LAW – NEW TOOLS AT THE DISPOSAL OF INSPECTOR GENERAL FOR PERSONAL DATA PROTECTION
After three years of legislation works the Polish Parliament has finally adopted changes to the Act on Personal Data Protection and some other acts. The changes refer mostly to the Inspector General for Personal Data Protection who has been empowered with several new rights.
Firstly, General Inspector has been established enforcement authority with respect to non-pecuniary obligations arising from decisions on personal data protection. It means that from now on General Inspector is entitled to impose fines in order to compel the subject of the decision to perform it. A single fine for a legal person may amount to a maximum of PLN 50 000 and total to a maximum of PLN 200 000.
Secondly, General Inspector has obtained the right to issue addresses to state and municipal bodies as well as natural and legal persons referring to observing the law on personal data protection. A subject of such an address is obliged to respond thereof within thirty days of its receipt.
Thirdly, General Inspector has obtained the right to apply to relevant authorities with proposals for legislative initiative or to issue or amend legislation on matters concerning the protection of personal data. A possibility of establishing local bureaus has also been implemented. Such bureaus will be founded by the President acting in association with General Inspector in the regions where the number of cases exceeds average.
Moreover, criminal liability has been introduced for foiling control actions. Perpetrator of the crime may be sentenced up to two years of imprisonment.
Last but not least, it is now clearly stated that the consent on processing of personal data may be withdrawn at any time. Until now the opinion of legal doctrine has been discrepant with this respect.
In conclusion, the protection of principles governing processing of personal data has been strengthened. In practice, until recently there were hardly any consequences (except for criminal liability) that a person violating personal data protection regulations might have borne. From now on this situation is likely to change. We will see to what extent.
Author: Mateusz Orliński
For any questions on this article, please contact Mateusz Orliński
Author: admin
(No Ratings Yet)
Loading ...