Poland Determined to Meet New EU Privacy Regime Deadline

By Bogdan Turek

Poland is determined to comply with the European Union’s new privacy regime as the May 25, 2018 deadline approaches, a government official told Bloomberg BNA.

“It is going to be a revolution in the protection of personal data,” Maciej Kawecki, an adviser in Poland’s Digital Ministry, which is in charge of the implementation, said.

The General Data Protection Regulation (GDPR) provides one EU-wide regulation to replace a more than 20-year-old directive that required each country to pass its own privacy laws. The GDPR will bring stricter standards for user consent to the use of their personal data, mandatory data breach notification, and fines as high as 20 million euros ($23.3 million) or 4 percent of a company’s annual worldwide income, among other things.

The prospect of huge fines for violations of the data protection system should be a deterrent for most institutions, Kawecki said. The Digital Ministry is preparing domestic regulations so that the GDPR can be fully applied, he said.

“Due to GDPR, our data will be protected in a more effective way,” he said. Polish citizens “will be able to ask a company or an institution which has” their data “to delete it if a holder of the data has no grounds to further process it,” he told Bloomberg BNA.

New Data Protection Office

According to Kawecki, the general inspectorate of data protection (GIODO), which has operated for 20 years, will be replaced by a new office for personal data protection.

GIODO spokeswoman Agnieszka Swiatek-Dus said that her office, as an independent data protection office, is supporting the government in implementing the GDPR, but there is no justification to replace GIODO with a new body.

“A representative of the Digital Ministry often referred to a ‘new body’ without specifying how it is going to be formed and how its independence will be secured,” she said. Despite the controversy, GIODO is preparing to implement the GDPR, Swiatek-Dus said, adding that the regulator has conducted training for more than 800 future data protection officers.

Accelerated Implementation

Damian Karwala, senior associate in the technology, IT, and media practice at CMS Poland in Warsaw, told Bloomberg BNA that there has been an acceleration by companies in putting the required data protection draft project into practice. “It concerns chiefly the financial, telecommunication or media companies,” he explained.

Companies, in general, are in the process of evaluating what still has to be done to adjust to the GDPR requirements, Karwala said.

“Some of the companies—though it is still a limited group—have reached the implementation stage of specific solutions both organizational, in particular concerning internal procedures and preparation of documentation, or technological solutions aiming at increasing security in IT systems,” he said.

Joanna Fatek, spokeswoman for PKO BP, the largest Polish bank, said the bank has made efforts to adjust its operations to comply with the GDPR. However, it is difficult to assess how much GDPR implementation will cost, she said.

Wojciech Jabczynski, spokesman for Orange Polska, Poland’s largest mobile operator, said that his company will meet the deadline. “Orange Polska has always operated in line with the binding law and regulations. We are getting ready to implement GDPR on time,” he said.

To contact the reporter on this story: Bogdan Turek in Warsaw at correspondents@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com;

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
